Medical privacy rules get an update

by Ricardo Alonso-Zaldivar, Huffington Post

Those medical privacy rules you run into at hospitals, pharmacies and in your own doctor’s office are getting an update.

Regulations unveiled last week by the Obama administration create new information rights that should make life easier for consumers. They also tighten restrictions on medical service providers trying to use patient information for marketing, and they greatly expand the list of businesses that can be punished for unauthorized disclosures.

"The government has taken pretty dramatic steps to strengthen privacy protections that previously existed for consumers," said Dianne Bourque, a Boston lawyer specializing in medical regulation. The long-awaited rules carry out a 2009 law promoting electronic medical records and updating federal privacy protections.

On the privacy front, doctors will now have to get prior approval from patients to pitch new medications or medical devices if those pitches are being paid for by a drug company or manufacturer.

For example, sometimes a pharmaceutical company will pay doctors to send all their heart patients a letter about a new medication. It may not be readily apparent to the patient that the drug company is compensating the doctor for sending the update.

The rules also create new rights for consumers.

For instance, you should find it much easier to get your medical records electronically instead of on paper. Up to now, some doctors and hospitals have been able to avoid providing records electronically by saying they don’t have the capability.

"They won’t be able to default to, ‘Sorry, we can’t send this to your home (computer) system; we have to give you a paper copy,’" said Susan McAndrew, a government lawyer who oversaw the regulations at the Health and Human Services Department.

Another welcome change: with your permission, your doctor can share your children’s immunization records directly with a school. That simple tweak to existing rules will save parents from having to shuttle forms back and forth.

And, if you pay cash for a medical service, you can tell the doctor not to share information with your insurer. The sensitivity sometimes arises with people paying out-of-pocket for mental health counseling, McAndrew said.

The onus of complying with the new rules will fall mainly on the health care industry and contractors. One of the most notable changes is that companies that provide support services to doctors and hospitals will now face steep penalties for unauthorized disclosures of patient information.

"The compliance bar for folks who work with health care providers is much higher now," said Bourque.

The rules take effect at the end of September, after a period for health care service providers to learn the new requirements.

The original federal privacy law, the Health Insurance Portability and Accountability Act, known as HIPAA, dates back to 1996.