• E-mail
• Print
• RSS

GAO looks at first-year experiences under privacy rule

HIPAA Weekly Advisor, October 18, 2004

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

For most providers and healthcare plans, first-year implementation of the privacy rule regulations went more smoothly than expected, according to the Government Accountability Office (GAO). The GAO interviewed officials from 23 national organizations representing healthcare consumers, providers, health plans, state officials, public health agencies, researchers, privacy professionals, and a healthcare accrediting body.

Providers and health plans reported that procedures to meet privacy regs have become routine for their staff. However, they still have difficulty with accounting of disclosures and the business associate agreement requirement, according to the GAO's report.

Organizations such as state health departments and research groups complain that the privacy rule hinders the flow of information and impedes their processes. The general public also still knows little about their rights under this rule, evidenced by the nearly 6,000 complaints to the Office of Civil Rights, half of which fell outside the scope of HIPAA or did not describe a true violation.

As a result of the findings, the GAO recommends that the Department of Health and Human Services does the following:

• Inform patients of mandatory disclosures to public health authorities in privacy notices and exempt such disclosures from the accounting requirement
• Conduct a public information campaign to educate patients about their rights and more effectively disseminate information about the rule

Go to the GAO Web site to read the full report.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive