[ Tuesday, March 17, 2009 ]
Stimulus Bill Potpourri for $500, Alex:
There's also a passel of additional HIPAA junk in the trunk of this bill:
Other Specific Disclosure Rules. There are several additional rules included in the HIPAA provisions of ARRA intended to address specific situations. A patient may now require his doctor not to disclose information to his insurance plan if the patient pays in cash. The existing “minimum necessary” rule continues to apply to non-treatment disclosures of PHI, but the “limited data set” requirements (removing most identifying information from the PHI) are now treated as the baseline for determining what is the minimum necessary information. The definition of marketing has been significantly tightened by removing many communications from the definition of “health care operations.” Individuals must be given a clear and easy way to “opt out” from receiving fundraising information. Companies that sell electronic “personal health records” (electronic record sets that are primarily controlled by the individual, such as the Microsoft/Google product “HealthVault” or AHIMA’s “myPHR”) are subject to specific breach notification rules. Health information exchanges are specifically defined as business associates.
Probably the most interesting part is the "hide" rule that lets the public cheat their insurance companies by hiding their real health condition. This could have some big unintended consequences: what if a patient hides information from his insurer, so that the insurer later refuses to cover a particular condition or provide a particular treatment because it rules the treatment unnecessary for any patient who hasn't had the treatment that was hidden? The new marketing rules may also have some unintended consequences -- we will see.
Jeff [5:42 PM]