THE IMPACT OF THE HIPAA PRIVACY REQUIREMENTS ON PHYSICIANS

 

PART ONE:  AN OVERVIEW

 

 

            This is the first in a series of articles that will address the impact of the final privacy regulations recently promulgated by the Federal government pursuant to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). 

 

            The HIPAA privacy regulations require certain "covered entities" to follow an elaborate set of rules regarding the use and disclosure of individually identifiable health care information (also referred to as "protected health information").  Since physicians are specifically included in the definition of "covered entities" for purposes of HIPAA, they will have to implement the policies and procedures mandated by HIPAA by the Federal government's April 14, 2003 deadline.

 

            This deadline may seem far away.  However, there are many reasons why physicians should immediately begin a HIPAA compliance process.  Hospitals and health systems are already working on HIPAA compliance out of a concern that it will be difficult for them to become compliant by the deadline given the scope and complexity of the HIPAA privacy requirements.  Physicians, who typically have less resources available to them than hospitals and health systems, will need even more time to become compliant.  While the April 14, 2003 compliance deadline does offer a grace period from Federal sanctions under HIPAA, there is also the very real risk in the meantime that non-compliance could result in exposure to lawsuits by individual patients if their health information is misused or mishandled.

 

            While many health care providers initially deferred compliance efforts in the hope that the Bush Administration might delay or significantly reduce the HIPAA privacy requirements, it is now clear that the Bush Administration intends to implement the privacy regulations as written while issuing clarifications and modifications as necessary to avoid unreasonable burdens being imposed on health care providers.  While lawsuits have been filed around the country by various parties challenging the enforceability of the HIPAA privacy regulations, it would be a huge gamble for health care providers to ignore compliance with these requirements in the hope that they may someday be overturned by a court.

 

            In future articles, I will address the scope of the HIPAA requirements, how they specifically apply to the physician community, and steps physicians can take to begin the HIPAA compliance process in a cost-effective way.  In the meantime, if you have questions about HIPAA and its requirements, you can contact the author at Tonusko@arterhadden.com.

 

                                                                                    Thomas J. Onusko

 

(Mr. Onusko is a Partner in the law firm of Arter & Hadden and Chair of the firm's Health Care Practice Group.  He has over 20 years experience advising health care providers in legal and regulatory matters.  Mr. Onusko is also an adjunct professor in health care law at Case Western Reserve University School of Law and The Cleveland State University School of Business Administration – Health Care Administration Program.)