Book Summary:
Privacy relates to power. When one person has the private information of another, that other person loses some control. This power perspective sheds light on the intense conflict that surrounds the flow of health information. Recent Federal regulation mandates certain behaviors by healthcare entities as regard the flow of health information. This book describes how healthcare entities are complying with those regulations. The Privacy Rule gives the patient strong rights over his or her information and requires healthcare entities to reassess their ways of communicating and to institute systematic privacy controls. This book begins with an explanation of the privacy problem and then has four main parts: 1. Rule,
2. Implement,
3. Manuals, and
4. Government. Part I. Rule describes the content of the Privacy Rule: * The Context chapter explains the evolution of the Privacy Rule, to whom it applies, and enforcement. * The Patient-Entity chapter presents the relationship between the patient and entity (such as authorization and opportunity to object). * The Entity describes what happens inside an entity. (such as the minimum necessary standard and privacy officer). Part II. Implement includes chapters entitled Costs, Life Cycle, and De-identification. The Costs chapter examines the costs of compliance for every provision of the Rule. The costs of the privacy official and the minimum necessary standard are the largest budget items. The chapter provides a road map to implementation by delineating each role involved in each compliance activity and the likely amount of time required for that role to perform its privacy function. The costs of compliance for large versus small hospitals are also examined. Shockingly, the cost per bed for small hospitals is an order of magnitude greater than for large hospitals. One implication is that small hospitals are behaving like large hospitals as regards compliance but should scale their efforts downward so as to reach a more manageable level of cost in achieving compliance. The Life Cycle chapter first reviews the nature of compliance in an entity and then illustrates the compliance activities at several healthcare entities. The De-identification chapter describes the Safe Harbor Method and statistical methods for converting protected health information into information that can be freely shared with anyone anytime. Part III. Manuals has chapters entitled Small Entity, Large Entity Tools, and Large Entity Forms. The Small Entity chapter includes an entire compliance manual for a small healthcare entity. That manual is entitled HIPAA in 24 Hours because implementing compliance can be completely handled with 24 hours of staff time. Compliance for the small entity can be simple. The chapter Large Entity Tools examines software tools used to support privacy compliance. The chapter Large Entity Forms presents forms for a large entity. Generally, the components of the manual for the large entity are larger than their analogs for the small entity. For example, the Notice of Privacy Practices for the small entity is one page, but the Notice for the large entity is several pages. The final Part IV. Government has a chapter on Politics and another on Other Regulations. The Chapter Other Regulations looks at other federal and state laws that affect privacy and relates them to the HIPAA Privacy Rule. The Politics chapter begins with a section entitled Self-Governance which calls on entities of a type (particularly small entities) to work together to define the common practice for that entity type. The point is that enforcement of a compliance regulation in healthcare is likely to lean heavily on peer practices. If healthcare peers reach a consensus on acceptable compliance behavior, then they will have proactively determined how they will be judged in court. The Politics chapter also examines the national lobbying that occurs for changes to the Privacy Rule. This lobbying is bound to continue. The best one can to do deal with this is to understand what the basics and to monitor the lobbying. Privacy of health information is a concern for everyone. This book describes how the health care industry is addressing that concern and provides recipes for compliance with the HIPAA Privacy Rule.
This book begins with an analysis of the Privacy Rule. Then a complete manual for a small healthcare entity is presented about which Donna Rieck, R.N., M.H.A., says:
the best HIPAA manual possible. The information is just what is needed -- put in easy-to-read, understandable terms with great sample forms and other helpful aids.
In the chapter Scaling-Up a model for implementing and maintaining privacy compliance shows many interesting tradeoffs. The implementation cost can be cut in half by reducing training time per person. Entities benefit from economies of scale and are challenged to work together and simplify solutions. |