The Future of HIPAA (Part 3 of 3)

It’s time for part 3 of my 3-part blog series on HIPAA now. In part 1, I reviewed some recent HIPAA violations. In part 2, I gave advice for remaining HIPAA compliant while using social media. Today, I discuss the future of HIPAA: precisely, what changes to HIPAA should we expect in the future? 

(1) Revised procedure (“5010”) for electronic administrative transactions

This upcoming change applies to anyone covered by HIPAA who submits administrative data electronically (for instance, electronically submitting patient claims or bills to a health insurance company). Essentially, this change may require covered entities to gather additional data from patients and / or to submit the data in a different format, with the aim of making electronic administrative transactions less prone to error.

There is a strict deadline for compliance: all covered entities must be using the new 5010 guidelines by January 1, 2012.

The American Medical Association provides a good summary of the 5010 changes on their website.

(2) Adoption of Unique Patient Identifiers (UPI)

When HIPAA was enacted in 1996, it included the provision that a unique ID number should be created for each patient and health care provider, and that these ID numbers should be consistent throughout the whole U.S. medical system. In 1998, however, Congress responded to protests by privacy groups by suspending this initiative until further notice. This part of HIPAA had caused a division, with one side arguing that UPI’s were critical in ensuring that patient information could be readily accessed (for instance, in emergency situations) and in reducing administrative bottlenecks (for instance, when a doctor requests test results from another doctor), and the other side arguing that the UPI’s would cause huge privacy issues if lost or stolen (an identity thief could steal a patient’s entire medical history with just one number).

This debate persists, but in 2008, RAND Health published a study called “Identity Crisis: An Examination of the Costs and Benefits of a Unique Patient Identifier for the U.S. Health Care System.” This study recommended the adoption of UPI’s in the U.S. and asserted that using UPI’s would actually increase the security and privacy of patient records.

On their website, the American College of Cardiology provides a good explanation of why they are in favor of UPI’s, pointing to the RAND study as an indicator of the initiative’s success.

It will be interesting to see how this debate unfolds in the future.

(3) Patient Access to Records (NYTimes article)

Perhaps you remember the Seinfeld episode in which Elaine frantically tried to view her medical file after noticing the word “difficult” written in it. She even tried to steal the file from her doctor’s office! This situation tapped into the anxiety that people feel about their medical records: your medical records contain highly personal information about you, but you might never get to read them.

Ironically, this Seinfeld episode aired in 1996, the same year HIPAA was enacted. Now thanks to HIPAA, patients in the U.S. are entitled to view their medical records. This does not mean, however, that patients take advantage of this entitlement. In fact, many patients still never see their medical records because it is simply too complicated to request them.

From a doctor’s perspective, it can be worrisome to imagine a patient reading his or her medical record — what if the patient simply does not understand some of the doctor's abbreviations? This could lead to miscommunication. (Read this great New York Times article for more on this.)

Currently, a project is underway called Open Notes. Three healthcare centers (and a total of 25,000 patients) are participating in the project including Geisinger Health System in Danville, PA. Open Notes offers an online portal where patients can view their doctor’s notes following visits, phone calls, and other correspondence. The goal of Open Notes is to see whether patients and doctors enjoy having this open access to patient records.

I'm curious to see the results of the Open Notes project, and if we will see easier ways for patients to access their medical records in the future.

Ultimately, we cannot predict all the ways that HIPAA (and our enforcement of HIPAA) will evolve in the future. I am confident, however, that just as technology continues to change, HIPAA and our HIPAA practices will also adapt so as to better protect patient privacy and security.

Thanks for tuning in for my 3-part HIPAA blog series! Don’t forget to visit the Resources section of our website for tips on ensuring that your email system is compliant. If HIPAA affects you, you’ll be especially interested in reading our whitepaper, “In the Labyrinth of Regulatory Compliance: HIPAA.”

– Jane Bolton Lacombe
Jane is the Product Marketing Coordinator at Messaging Architects.