April 14, 2003

Preparations All Set, As New Federal
Health Care Regs Go Into Effect
By Richard Veilleux & Kristina Goodnough

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was designed to make health insurance coverage "faster, cheaper, better," says Susan Bartlett, head of the Speech and Hearing Clinic at UConn.

But for UConn and other health providers across the nation, it also is making life more hectic as they race to meet the April 14 deadline for training hundreds of providers how to follow new privacy guidelines, collect data, and fill out new, standard health care forms that are, among other things, embedded in the Act.

A national set of regulations that address the security, privacy, and confidentiality of patient medical information, the Act does not limit a health care provider's ability to use patient information for the patient's treatment, billing, or healthcare operations, such as training or quality control. But it does set very precise standards for all other uses, including the storage and transmission of identifiable patient information.

Right to Privacy
All patients must be informed of their privacy rights, and health care workers from physicians and nurses to researchers and billing personnel are required to protect those privacy rights. Nurses, for example, need to know health information about patients on their unit, whom they care for, but not facts about patients on other units. Billing staffers need access to information about a patient's current visit but not the patient's entire history, to be able to submit a claim for current services rendered.

A physician teaching a lesson, a faculty member, or graduate student working with a client at the UConn Health Center, or the Speech and Hearing Clinic or Physical Therapy Center in Storrs, cannot identify a patient by name or date of admission to conduct the lesson. Trainers in the Division of Athletics cannot reveal the extent of an athlete's injury or the player's name without the student-athlete's permission.

The Act also prevents doctors, insurance companies, and pharmacists from sharing a patient's name and address to other entities that may wish to market their products to the consumer.

Achieving Compliance
UConn officials have been working with Kevin Borgstedt and Donald Miliaresis, consultants with the firm of Keane Inc. of Rocky Hill to implement the new regulations.

Although the procedure has been labor-intensive and time-consuming - staff in Student Health Services have been working on compliance with the Health Insurance Portability and Accountability Act for 18 months - it is worth it, say Bartlett and Michael Kurland, director of Student Health Services.

"It's very positive," says Kurland. "This has freed us to codify a number of policies, and it's good for everybody's (privacy) protection."

Health care consumers either have or will soon receive privacy policy statements from their doctors and insurance companies, and will have to acknowledge that they have received the material.

Students visiting Student Health Services during the remainder of the semester also will receive the form. Beginning in May, students must complete on-line forms verifying they have insurance and acknowledging that they have read the HIPAA privacy statement.

Both Student Health Services and the Speech and Hearing Clinic also will undergo renovations to further protect patient privacy. All five areas affected in Storrs - the Speech and Hearing Clinic, Student Health Services, the Division of Athletics, Emergency Medical Services, and the allied health program - as well as the Health Center, also will receive assistance, including software support, to keep patient data away from prying eyes. HIPAA guidelines specify that security issues must be dealt with by March 2004.

The cost of training, renovations, and new equipment is being covered by the state.

Training Programs
At the Health Center, staff have spent months developing policies and adapting to internal processes to comply with the new regulations. That effort has resulted in 32 new or revised policies that address areas ranging from patients' rights to the approved use of e-mail by health care providers.

"For the past three months, we have been rolling out HIPAA privacy training in stages covering all levels and roles within the Health Center, from physicians to facilities to researchers," says Iris Mauriello, the Health Center's corporate compliance, integrity/privacy officer. "It's been one of the most broad-based training programs in the Health Center's history."

The law has also required a massive retooling of the Health Center's information technology system to comply with the law's requirements for standardized, electronic transmission of administrativ e and financial transactions long carried out manually on paper.

"Everybody, from Medicare and Medicaid, to third party case managers and medical transcription services and other vendors, has had to adapt to a standardized form for exchanging information electronically," says Mauriello.

"Significant effort has been made over the past year by all areas in the Health Center to get us where we are today," she adds. "It's been a truly successful effort."

Training will be an ongoing need, says Bartlett, noting that her clinic trains and prepares dozens of graduate students each year to become clinicians after graduation. During training, students work with patients at the clinic, so they must also receive HIPAA training before they begin working there.