Home » News » Privacy and Security
Receive News By Email

  • del.icio.us
  • Digg
  • StumbleUpon
  • Reddit
  • Facebook
  • Google
  • RSS Icon
  

AHA urges CMS to think twice on HIPAA

September 08, 2011 | Bernie Monegain, Editor

Related Resources

Cites burden of compliance

CHICAGO – The American Hospital Association last month became the latest healthcare group to advise the Centers for Medicare and Medicaid Services to reconsider its accounting of disclosures rule, included in proposed changes to the HIPAA privacy rule under the HITECH Act.

In an Aug. 1 letter to Department of Health and Human Services Secretary Kathleen Sebelius, RickPollack, AHA executive vice president, wrote that the rule fails to "appropriately balance the relevant privacy interests of individuals with the substantial burdens on covered entities, including hospitals."

The association urged HHS to withdraw the proposal and "reissue a request for information aimed at better reflecting the statutory requirements, the technological realities, and better alignment of the regulation's effectiveness with the compliance burdens."

While generally endorsing the rule's proposed accounting of disclosures revisions, AHA urged additional changes to ensure a proper balance of the value of the information to patients with the burdens to covered entities of producing it. AHA also urged HHS to retract the rule's preamble commentary about the HIPAA security rule in order to reflect longstanding department guidance.

Other groups calling on the government to reconsider the proposed new rule include the Medical Group Management Association and CHIME. MGMA is requesting that HHS engage with medical groups and other stakeholders to develop a consensus-driven solution before moving forward with the regulation.

 “These reports, which would be required to show all electronic access to a patient’s health information for up to three years, could be hundreds or even thousands of pages long, making them extremely challenging for physician practices to produce and of little practical value to the patient receiving them,” said William F. Jessee, MD, president and CEO of MGMA.

In its comments to CMS, CHIME, which represents more than 1,400 healthcare CIOs, said the standards would be difficult for providers to meet.

“CHIME is extremely concerned about the entire concept of access reports,” said Pam McNutt, senior vice president and chief information officer at Dallas-based Methodist Health System and chair of CHIME’s Policy Steering Committee. “We believe the access logs, report filters, and other technical specifications needed to generate an access report would be inconsistent or nonexistent across many clinical data sources that might be considered part of a DRS.” DRS refers to designated record sets, under the proposed rule.

Related Topics:

Reader Comments (0)Login to Post a Comment