Specialized Resources Available to Researchers
The Health Insurance Portability and Accountability Act (HIPAA), effective April 14, requires all health care organizations to implement new privacy standards protecting the confidentiality, privacy and integrity of individually identifiable health information.
This means that BWH patients will receive a privacy notice upon registration or check-in (along with their consent to treat form). The privacy notice will inform patients of their new and expanded rights regarding their health information under HIPAA. Training is currently in the planning stages with all practices’ front desk staff to obtain patients’ written acknowledgement of receipt of the Privacy Notice and to prepare them to respond appropriately to patients’ questions and concerns.
The mandate may result in increased requests on behalf of patients to access their health information; amend their existing medical record; restrict communication involving their medical information; request a record of disclosure; or place a complaint of a violation of their privacy. Patient requests must be directed to the BWH Patient Relations Department. Physicians may play a role in responding to each of these newly communicated rights, if the patient chooses to exercise them.
1. The physician is most likely the person from whom the patient will request access to their medical record, and will forward all written requests to Health Information Services (HIS).
2. Physicians may be required to make judgement calls to whether or not amendments requested by the patient to his or her record are legitimate.
3. Physicians will often be the individuals who must honor requests for alternate means regarding communications (i.e., the patient may want messages regarding his or health only left on a home voicemail).
4. Physicians should be prepared to make available documentation detailing when and to what party (including mandated communication to regulatory agencies) a patient's health information was disclosed. A central tracking system is currently in development by BWH Information Systems.
To prepare for such changes and to be ready to answer patient questions related to this mandate, all BWH staff members (including clinicians) are required to complete HIPAA core privacy training. The training will also help staff to identify what is considered a breach of patient confidentiality once HIPAA goes into effect. All of BWH’s workforce must be trained by April 14.
For those physicians and researchers who have not yet participated in the group training sessions offered at BWH, a computer-based training module will soon be available. The live date of the module, uniquely designed for BWH physicians that can be completed in 30 minutes, will be communicated via email shortly. In the most recent Staff Survey conducted at BWH, physicians reported that computer-based applications work best with their schedules and workstyles (more than half of physicians completed the 2001 Staff Survey online).
BWH has written policies regarding HIPAA privacy. All privacy policies will soon be available on the BWH Intranet. Check HIPAA Central on Partners Pulse for PHS policies and additional information regarding HIPAA privacy. For more information, contact Jackie Raymond, BWH privacy officer, Debra Polansky, BWH HIPAA project manager, or Karen Nelson, executive director of Risk Management and Compliance at BWH.