Return to Archived Stories

The new privacy rules are required by a federal law - the Health Insurance Portability and Accountability Act or HIPAA - that requires health care providers to enact stricter privacy regulations by Monday, April 14.

Minnesota has been rated as a top state in patient confidentiality and privacy for years, said Rose Welle, health information manager at PAHCS. Only recently did California pass Minnesota as the top state in patient privacy, said Welle. "We've been ahead of the game for years," she said.

Still, writing the privacy policy and procedures for the new HIPAA requirements took a long time, said Welle. And, in addition to informing patients about the new policy, PAHCS has had to conduct staff training, the first task for its new staff development coordinator, Kella Bugbee.

For instance, the new federal requirements demand that patients be able to see their medical records. "In Minnesota, you always have had access to your medical records, but you need to do it in my presence," said Welle.

"There were some states that didn't have privacy regulations, and (HIPAA) makes them raise their standards," said Bugbee.

In doing the staff training - which will be ongoing to accommodate for new staff and for any future changes to PAHCS's privacy practices - Bugbee has been reminded how important confidentiality is in health care, especially in a small community. PAHCS will require its business associates - and members of the clergy - to abide by these privacy practices, too.

Employees will have a minimum standard for access to patient information, meaning that they can only access the information that they need to do their job. Other parts of the patient's chart are off limits, said Bugbee.

PAHCS's privacy practices state: "The privacy of your health information is important to us. We are required by federal and state laws to protect the privacy of your health information."

According to the policy, PAHCS may use and disclose protected health information to coordinate and provide medical treatment, to bill and collect payment for treatment, and for quality assessment. PAHCS may disclose health information to notify family members or to inform a family member or friend identified by the patient as to the patient's medical condition.

To use health information for research or marketing requires authorization from the patient.

PAHCS will also offer a patient's name, location, and general condition to members of the clergy and to people who ask for that patient by name, unless the patient notifies PAHCS that they object to this.

PAHCS will still release health information as required by law; as necessary for public health activities; in cases of abuse, neglect, or domestic violence; for law enforcement purposes; as it relates to products regulated by the FDA; and for certain other reasons.

Patients also have the rights to request extra restrictions to disclosure of their health information, to request communication by alternative methods, to see and copy their patient and billing records (though PAHCS can charge for this), and to request amendments to their medical file (which PAHCS may or may not grant).

A copy of the new privacy practices for PAHCS will be available to all patients. All hospital patients and nursing home residents will have to sign the acknowledgement of receipt of the notice of privacy regulations before Monday, April 14. Other patients will be offered the new information policy and will be asked to sign the acknowledgement when they visit PAHCS next for health care.

"We are not doing a mass mailing. We're just doing it as they come in," said Bugbee.

HIPAA requirements for standardized billing take effect in October 2003, and extra security requirements in April 2005.