On August 21st, 1996, President Bill Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) into law. Those of us who have been in healthcare for some time can't imagine life before those five letters came into existence. What is it and what has been accomplished during these 20 years? Read more here.
CVS Health and the VA were the two entities that had the most HIPAA privacy complaints filed against them from 2011-14. I was surprised at CVS. Were you?
Those of us who have been working on ICD-10 (very painful... oops, Freudian slip) implementations know CMS mandates the use of standard code sets on HIPAA-covered transactions by HIPAA-covered entities.
What about LOINC codes? Do you even know what these are?
It appears we are getting one step closer to CMS mandating the use of LOINC codes on lab-related transactions.
Are we in for an ICD-10-related kind of implementation? How much of a change is it for those impacted?
In the era of increasing digitization of healthcare data and a greater call for interoperability of said data, have we reached a tipping point to finally begin implementing a unique identifier for everyone in the United States? Say, something similar to what was implemented several years ago for providers–NPI or National Provider Identifier. This one would also be an NPI but for National Patient Identifier.
Is this even possible?
Did you know that the idea for a 'national patient identifier' was a part of the original 1996 HIPAA legislation? However, this piece stalled and was later removed due to concerns voiced by privacy stalwarts. We have been dealing for years, even decades, with stolen identities and hijacked sensitive personal data, which has everyone on edge. (Remember the days when our social security number was floating around EVERYWHERE? At one time, I even had my SSN printed on my personal checks!) However, the absence of this key piece of identifying information does throw a (pretty large) monkey wrench into trying to match up health IT data coming from within and outside an organization. This hampers overall interoperability efforts, especially with HIEs.
Most provider entities (especially hospitals and health systems) have quite a time with their MPI (Master Patient Index) as it is. Before I worked at a large health system implementing their EMR solution, I was clueless as to how hard this can be. For example, take a common name such as John Smith. What if John is admitted to the hospital and tells the registration clerk his nickname, Johnny, and doesn't have his insurance card on him but knows he has Blue Cross? The registration person enters Johnny Smith into the system. What if this same patient uses another derivation of the name, Jonathan, his full name, but it differs from what is on his insurance record? What if this same person comes in for a follow-up visit in two weeks, has moved, and gives his name as Jonathan, but the registration clerk miskeys his name and enters Johnathan (with an h)? This is all the same person but he has three different first names and at least two different addresses. All for the same patient. How is an organization to know that this is one person? Here's an interesting article that delves a bit further into this issue.
Most of us know that HIPAA has a section specifically for privacy and security. But is it really enough to keep our PHI out of nefarious hands? What if the device containing PHI is encrypted but the medical worker was forced to give up his/her password during the commission of a crime? HIPAA worked but PHI was still stolen. What kinds of safeguards can be legislated?
It will be interesting to see what the industry comes up with regarding this and then what CMS legislates accordingly.