Law triggers clinics to fine-tune privacy procedures

Dylan Thomas

As the April 14 deadline to meet new federal standards for patient medical information privacy nears, University clinicians are in the midst of preparations.

Clinicians must go through privacy training, and clinics such as Boynton Health Service are fine-tuning their privacy procedures.

The changes will not be that significant at Boynton, where a pre-existing emphasis on patient confidentiality coupled with already strict Minnesota state patient privacy laws means current procedures will only need to be tweaked somewhat, clinic officials said.

“It’s a matter of really doing what we have been doing, but being much more aware” of patient privacy, Boynton medical director Marilyn Joseph said.

Much more burdensome will be the amount of time Boynton clinicians will spend to complete the University patient privacy training program, Joseph said.

“Every person in the building has to take two and a half hours out of their time (for the training),” Joseph said. “That’s a lot of time of patient care.”

Clinicians are just one of the University groups rushing to comply with the broad new regulations introduced under the Health Insurance Portability and Accountability Act of 1996, better know as HIPAA.

A byproduct of the act – intended to ease the transfer of health care coverage from one company to another – was needed to set a national standard for the use and transfer of private medical records. All institutions across the country that deal with private patient medical information must comply with the new standards.

Joseph said there will be only small changes in terms of paperwork at Boynton. For example, patients already read and sign a form that details what elements of their health information can be released.

Now, Boynton staff will simply have to update the form to cover all HIPAA regulations in addition to longstanding Boynton policy.

Other minor policy changes are intended to keep staff aware of the importance of confidentiality. For example, Joseph said she must make sure the computer screen in her office is pointing away from the door, or that her door is closed when patient information is on her screen.

Colleen Jahnel, Boynton privacy coordinator, said more changes might be made to the way paperwork is finished when HIPAA’s security regulations need to be dealt with, although the security guidelines were just released.

Ross Janssen, the University’s HIPAA privacy officer, said clinicians at Boynton have to go through three steps in their training. The first is to watch a seven-minute video required for all University employees who might come into contact with patient information.

Next, they must go through a University WebCT course to learn how to keep computer information confidential, estimated to take 70 minutes. There is also an additional 70-minute WebCT course specifically for clinicians, and clinicians who also do research have an additional 70-minute WebCT research-specific course as well.

“The clinical course is focused primarily on procedures, or kind of the clinical setting, and what we need to do to protect patients’ privacy,” Janssen said.

Joseph just completed the online component for clinicians’ HIPAA training this week. She said it took her approximately 90 minutes to complete, less than the estimated two hours the session is supposed to take. But Joseph, who also serves on the University’s HIPAA task force, did have a hand in creating the program.

Approximately 100 of the 254 employees at Boynton had gone through both the video and online training components as of Wednesday night, Jahnel said.

Joseph said Boynton officials finalized a draft of a HIPAA compliance plan in July 2000. But long before Congress even developed the HIPAA regulations, Boynton had taken confidentiality very seriously, she said.

Since at least 1984, when Joseph first started at Boynton, all employees – not just doctors and nurses – have had to sign a patient information confidentiality agreement at their annual review, Joseph said.

“In most clinician’s work Ö it doesn’t end up changing things very much because most places are very careful about confidentiality and privacy,” she said.

Dylan Thomas welcomes comments at [email protected]