Introduction
On December 28, 2000, The Secretary of Health and Human Services issued the Health Insurance Portability and Accountability Act (HIPAA) which contained requirements with regards to the privacy of patient records within a treatment facility. All facilities were given two years to become fully compliant with the HIPPA regulations but it was noted that after the two years elapsed, an overwhelming majority of the treatment facilities were still not in compliance with the regulations. Firouzan & McKinnon (2004) set out to assess the role of the health information manager with regards to the implementation of HIPPA privacy rule within Pennsylvania healthcare facilities as well as to assess some of the issues which were raised during implementation. In so doing, they surveyed Pennsylvania health care facilities. The survey consisted of 20 questions and wherein they assessed the procedures in place for HIPPA compliance, the involvement of the Health Information Managers with regards to setting HIPPA policy, the incidents of confidentiality breaches as well as the perception of privacy rules and regulations.
The findings of the study
Anonymous surveys were mailed to 268 facilities along with self-addressed stamped envelopes and 128 (48%) of those surveys were returned. The sizes of the respondent facilities were as follows: 20% were small facilities, 48% were medium-sized, 10% were large, 7% were described as mental and behavioral health facilities, and 14% were described as other. The data was collected over three weeks. Of the respondent facilities, 91% indicated that they either had an HIM director or the medical records manager within their facility. There, however, were three limitations to this study. The first limitation involved the fact that there was no mandatory compliance to HIPPA privacy requirements involved at the time since the study was completed before the deadline for compliance. This held the potential of affecting compliance in that compliance measures did not have to be in place at the time but they could have been in the process of being impacted and could have been enforced before the deadline. The second limitation involved the fact that the HIM within the individual study facilities could change their perception of HIPPA privacy regulations as the individual facilities came closer to the deadline for implementation. A third limitation of the study involved the demographics of the study facilities. All of the study facilities were located within the state of Pennsylvania. These limitations will be addressed in further studies which will be conducted after the deadline for the implementation of the HIPPA privacy rules.
The findings of the study indicate that HIM professionals were cognizant of the HIPPA privacy rules and did take an active role in assuring compliance measures would be in place on or before the compliance deadline. Much of this involved new responsibilities and they welcomed these new responsibilities. They, however, were very pessimistic with regards to the ability of the new rules to prevent future breaches in confidentiality. One-half of the respondents felt that the rule was not necessary as they would produce the same level of confidentiality protection as afforded by their current procedures. Additionally, many of the respondents felt that it was an unnecessary burden since it effectively and efficiently served to increase the individual employee responsibilities with no evident benefit.
Conclusion
Finally, the body of information obtained through the utility of the surveys proved to be very useful in that it provided some very important information with regards to the barriers to HIPPA privacy rules implementation. It served as a means of gauging the implementation of HIPPA privacy rules and enabling the facilities to focus on their implementation of the mandatory HIPPA privacy rules. Additionally, it served to point out the importance of protecting the privacy of patients especially because privacy issues may deter patients from seeking much-needed services, especially in the mental health arena.