Health Information Compliance Alert

Published on Mon Nov 08, 2004 PDF

Privacy rule puts a damper on burn victims' fund

Firefighters contained the destructive wild fires that ripped through southern California last year, but many burn victims have yet to receive financial relief, thanks to the privacy rule's clamp on information flow, the San Diego UnionTribune reports.

The Burn Institute has allocated $100,000 to provide counseling, financial aid and other support for those burned in last October's fires, but it can't track down the victims, says Jim Floros, the institute's executive director.

While the University of California-San Diego Medical Center has a list of burn patients, it cannot pass that list on to the Burn Institute without a treatment relationship. Instead, the institute has routed letters to the victims through the medical center. The problem is that many either have not responded or don't understand that money was donated to the institute to help with their recovery, Floros explains.

"[The institute has] been a huge help to me, and I imagine it would be a huge help to other people who haven't been as lucky," said Chuck Paul, who was hospitalized with second- and third-degree burns for a month. Paul didn't hear of the Burn Institute's funds until August of this year.

Lesson Learned: If your patients are seeking relief, they can contact the Burn Institute at (858) 541-2277, Floros says. Any victims who respond will be verified before the aid is awarded, he notes.


CMS sets compliance deadline in stone

Confused about when you must be in compliance with the HIPAA security rule? You're not alone.

The Centers for Medicare and Medicaid Services issued clarification Oct. 21 through its outreach listserve that the security rule compliance deadline is April 20, 2005. The published final rule sets the deadline as both April 20 and April 21.

The Bottom Line: The security rule compliance cut-off date is quickly approaching. You can stay abreast of CMS's security rule news by signing up for the listserve. Simply go to www.cms.hhs.gov/hipaa/hipaa2, scroll down to the Educational Materials section and click on HIPAA Outreach Listserv.


Did your staff turn you in to the feds?

Complaints continue to roll in to the Office for Civil Rights (OCR) and the Centers for Medicare & Medicaid Services (CMS), but do you know who's grumbling? It's not just your patients, experts told members of the American Health Information Management Association (AHIMA) Oct. 11 at its annual convention.

Privacy complaints total 8,100 and are coming in at about 100 per week, acknowledged WEDI SNIP co-chair Sue Miller of HIPAA and Health Care Information Services in Concord, MA. A solid 50 percent of those grievances originate from offices, hospitals and other covered entities - your staff, students and volunteers, Miller noted. And almost 1,300 of the complaints deal with security-related problems, she reported.

Both OCR and CMS are actively working toward industry-wide compliance with all aspects of the HIPAA regulation. The justice department is handling numerous privacy complaints and five unnamed entities have submitted action plans to CMS to correct their TCS rule bungles, experts informed conference goers.

The Bottom Line: While regulatory enforcement isn't the beast you thought it'd be, you will feel its teeth if you fail to comply with the regulation's demands, experts warn.