It is important to be familiar with federal and state legislation governing patient medical records.
There are several laws designed to protect Americans’ personal health information. Patients have the right to privacy, and they have the right to have the information shared with healthcare providers who will use it with discretion in the patient’s best interest. If you have or are considering a career in health informatics, it is important to be aware of federal and state laws so that Protected Health Information (PHI) remains secure when stored and transmitted by electronic health record systems.
Privacy Act of 1974
The Privacy Act of 1974 regulates information collected by the federal government and its agencies. The legislation allows citizens to know what information is collected about them, assure the veracity of that data and obtain copies of the information. The Veterans Health Administration and Indian Health Services are subject to these regulations.
Alcohol- and Drug-Abuse Patient Confidentiality
The Confidentiality of Alcohol and Drug Abuse Patient Records rule allows for additional privacy in any federally assisted drug or alcohol-abuse program. Identity, diagnosis and treatment are treated as confidential information. Patient impairment does not excuse release of confidential patient information.
Conditions for Coverage of Specialized Services by Suppliers
The Conditions for Coverage of Specialized Services by Suppliers is part of Medicare laws that govern providers and requires that all PHI be kept confidential and protected against loss, destruction or unauthorized use.
This information requires the written approval of the patient before it is used or forwarded. Hospitals must protect this information against unauthorized use and current Electronic Health Records allow for monitoring and securing data.
Patients always have a right to access their records; an institution is allowed to charge a usual and customary fee for paper copy costs. These laws extend to home health agencies and long-term care facilities.
Institutional Review Boards
Institutional Review Boards are governed by state and federal laws and require informed written consent and data security and privacy.
State laws vary and may include special requirements with regard to drug and alcohol treatment, special disease states and mental illness.
The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) is a private organization that has been used since 1965 to accredit hospitals and facilities, which allowed for their participation in Medicare.
In 2010, the process changed to provide for review by Centers for Medicare and Medicaid Services (CMS) prior to facility participation. JCAHO has had varying ability to control and determine rules related to patient care, several of which pertain to PHI confidentiality. These rules are constantly under review and have included a large number of recent revisions coinciding with the increasing prevalence of EHRs.
The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 empowers the Federal Department of Health and Human Services (HHS) to oversee the promotion of Health IT – including quality, safety and security as well as the secure information exchange.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted to allow for continuance of health insurance coverage in situations involving job changes or loss. Major provisions of this law were enacted to formulate and regulate federal guidelines and standards pertaining to electronic healthcare. Standards were developed to allow for identifications of providers, health insurance plans and employers, including the National Provider Identifier Standard (NPIS), which provides every physician with a unique number used in all aspects of healthcare.
Affordable Care Act
The Affordable Care Act of 2010 was set up to fundamentally change the way people are insured; goals include lowering healthcare costs and making coverage accessible to previously uninsured people. The law is undergoing major changes as issues with its implementation are encountered. Final resolutions should be expected in the coming years as interpretations of its standards are developed and enacted. As revisions are implemented, there may be many changes to the way healthcare is delivered, including control of PHI.
The Food and Drug Administration Safety and Innovation Act (FDASIA) of 2012 resulted in the collaboration of the HHS and FDA to recommend a regulatory framework for Health IT to improve mobile applications and other means to promote patient safety and innovation in healthcare delivery.
Many federal and state regulations affect the health informatics field. Because the measures were developed in isolation at different times, there is some conflicting legislation with regard to patient care and the collection and maintenance of patient records. Familiarity with these laws and their implications is paramount for improved functioning in the promotion and development of computer-based patient-care systems.
The Medicare Access & CHIP (Children’s Health Insurance Program) Reauthorization Act of 2015 is intended to ensure that physicians are paid fairly, that Medicare Part B costs are controlled and that healthcare is improved.
The passage of MACRA in August 2015 signaled a move away from the Sustainable Growth Rate (SGR) Formula once used to determine physician reimbursement and toward a model based on the quality, efficiency, value and effectiveness of the medical care provided. In addition, MACRA also will combine existing quality reporting programs into one new system.
21st CENTURY CURES ACT
The 21st Century Cures Act, passed by both houses of Congress and signed into law by President Obama in December 2016, covers many facets of healthcare. The goals for all, though, are the same: to “help modernize and personalize health care, encourage greater innovation, support research, and streamline the system,” according to the act’s mission statement.
Among the ways those goals will be sought are by the discovery of cures in basic science; streamlining the drug and device development process; and unleashing the power of digital medicine and social media at the treatment delivery phase.