2000 AJN Table of Contents

AJN Home Page

Other ANA Columns this Month:

Washington Watch | Issues Update | Health & Safety | Workplace Rights

Issues Update

American Journal of Nursing - August, 2000 - Volume 100, Issue 8

Keeping Secrets Secret
Legislation to secure patient privacy and confidentiality is still needed

by Stephanie Reed

The routine use of computers, phones, and faxes by health professionals, hospitals, and insurers has greatly simplified the recording and transferring of information. However, these technological advances have also created new challenges; foremost among them is the protection of patient privacy and confidentiality. It has become all too easy for medical diagnoses, prescriptions, or insurance information to be obtained by anyone who walks by a fax machine or logs on to a computer.

The possible consequences of this lack of privacy are worrisome. Patients may fear that the release of personal health information—including the results of genetic testing—could result in embarrassment, job discrimination, or even the loss or denial of health insurance. Such uncertainty could undermine the relationship between provider and patient, making patients less forthcoming about their health care concerns, and thereby threatening the quality of care they receive.

Currently, no federal law or regulation exists to protect patient privacy and confidentiality. However, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the U.S. Department of Health and Human Services (DHHS) to put forth regulations to protect privacy of personal health records if Congress didn’t ratify a privacy law within three years of the HIPAA’s enactment. Because Congress was unable to reach agreement on a new law, the DHHS issued its proposed regulations in October 1999. Still under debate, the final version is not expected to be published until October 2000, at the earliest, after which there will follow a two-year implementation period.

THE REGULATORY APPROACH

After President Clinton announced the proposed regulations last October, a four-month “comment period” ensued. During this time, the DHHS received responses from more than 40,000 interested parties nationwide, including the ANA.

Noting that virtually all of its membership is involved in creating, transmitting, maintaining, and safeguarding patient records as an integral part of its professional practice, the ANA pointed out that nurses are professionally committed to strong, enforceable standards that protect the confidentiality of their patients’ health information.

“In some ways, these initiatives are no-brainers for nurses,” says ANA Treasurer Rebecca M. Patton, MSN, RN, CNOR, who joined President Clinton at the White House press conference at which the proposed regulations were unveiled. Patton offered the ANA’s perspective to reporters, focusing on the organization’s commitment to establishing privacy and confidentiality protections for health records.

“Our ethical mandate to protect patients is so ingrained that we respond almost instinctively to the call for preserving this basic right to patient privacy and confidentiality,” Patton says.

The proposed privacy standards would allow the exchange of necessary health information among health care professionals for the purposes of treatment and payment, but appropriate privacy safeguards regarding the use and disclosure of information would be provided. During the comment period, the ANA addressed several concerns, offered recommendations for modification and improvement of the proposed regulations, and also provided comments on provisions that should be kept in the final version. Highlighted issues included the need to apply the new regulations to all health records, not just electronic ones; a whistle-blower exception for disclosure of information; the need for special protections of sensitive information such as psychiatric notes; and issues related to the rights of minors.

PROBLEMS REMAIN

Although the proposed regulations provide a good start, more needs to be done. On the day the comment period closed, a congressional hearing noted that the DHHS was restricted by law as to what it could regulate; solving this problem will require additional legislation. Specifically, the regulatory approach authorized by HIPAA applies only to electronically stored information, and only health plans, providers, and clearinghouses would be directly responsible for violations. Furthermore, the regulations don’t provide for a private right of action if a consumer’s rights are violated.

The framework common to proposals for comprehensive federal legislation (such as the DHHS regulations) includes the right of consumers to view their own records; limits on disclosure of medical records with required patient authorization; a requirement to notify consumers of the circumstances of record disclosure; provisions dealing with access for research purposes; access for law enforcement officials; preemption of state laws; and enforcement remedies, possibly including a private right of action as well as civil and criminal penalties for egregious violations.

Despite widespread agreement that such legislation is necessary, several contentious issues are unresolved, effectively putting legislative action on hold at least until the next Congress convenes in 2001. These issues include the extent of the preemption of state laws; the nature of patient authorization and informed consent; possible costs to those in the private sector; restrictions on adolescent confidentiality; insulation of employee health records from employers who provide health benefits; and problems unique to mental health patients, such as involuntary commitment.

THE ANA’S POSITION

This June, the ANA Board of Directors approved a position statement on patient privacy and the confidentiality of health records and information. The statement also defined the nurse’s role in protecting these elements—especially in the face of technological advances that affect information transmission and storage. Development of the position statement was called for in a 1999 ANA House of Delegates resolution, which also required distribution of the final statement to members and other relevant groups.

The new ANA position paper states that a patient’s right to keep identifiable health information private should be established by law. It goes on to assert that patients should retain the right to decide to whom, and under what circumstances, their identifiable health information will be disclosed. Furthermore, confidentiality protections should extend not only to health records, but also to other individually identifiable health information, including genetic information, clinical research records, and psychiatric notes.

In 1995, the ANA House of Delegates approved a position paper on privacy and confidentiality as they relate to electronic data. And in 1998, the ANA Board of Directors endorsed a set of principles related to telehealth that included the confidentiality of client visits and client health records and the integrity of information in the health care system.

The ANA recognizes that technological advances threaten traditional standards of patient privacy and confidentiality, and it supports protection of those standards to maintain the trusting relationship between health care providers and patients. The ANA will continue to work with lawmakers and regulators to make these protections a reality.

“High-quality patient care requires the communication of relevant information among health professionals and health systems,” Patton stated. It is imperative that nurses, as the health care professionals working most regularly with patients and their medical records, contribute to the development of standards, policies, and laws that protect patient privacy and confidentiality.”

Search	Contact ANA	Join/Renew Membership	Members Only	Online CE
NursingInsiderSpecial Offersnursesbooks.org © 2008 The American Nurses Association, Inc. All Rights Reserved Copyright Policy | Privacy Statement