MUSCMedical LinksCharleston LinksArchivesMedical EducatorSpeakers BureauSeminars and EventsResearch StudiesResearch GrantsGrantlandCommunity HappeningsCampus News

Return to Main Menu

HIPAA to impact everybody in health care

Computerized patient records are readily accessible to a wide range of personnel including specialists, insurance carriers and office and record-keeping personnel. But with this increased ease of access is an increased potential for wrongdoing. Fortunately, the technology also exists that documents each access to the health information here at MUSC.
 
The federal mandate called the Health Insurance Portability and Accountability Act (HIPAA) has set new patient Privacy and Security Standards to which MUSC and other health care institutions must comply during the next couple of years. A part of this mandate requires audit trail capability, so that access to electronic health information is monitored. Another standard in the HIPAA mandate is the Transaction and Code Sets that will change the process of handling medical claims utilizing electronic commerce. This standard compliance deadline is more urgent—next year.
 
T. (for Tericia) Rossiter, MUHA's new information security officer, is charged with learning the newly published Privacy Standard and creating an information security program that ensures MUHA compliance. 
 
Rossiter comes to MUSC with 12 years experience as a registered nurse and a master's in health administration and business administration with an emphasis in management of information systems and marketing. Her broad background will be essential as she begins to work with MUSC service areas from CCIT to the main hospital to develop a plan for implementing the HIPAA regulations.
 
Learn that acronym—HIPAA. People will be tossing it around in serious conversations and committee meetings well into the medical center's future.   The HIPAA Privacy regulations have established a new federal floor for privacy and it is expected that the Joint Committee on Accreditation of Healthcare Organizations (JCAHO) will adopt these criteria into the JCAHO survey. 
 
“While HIPAA is a federal mandate, privacy and security of patient information is important for ethical, legal and moral reasons,” said Rossiter. “Health care requires the exchange of personal, often sensitive information between an individual and a practitioner. It is vital for the patient to trust that the information shared will be protected and kept confidential. These regulations will improve the quality of patient care at MUSC.” 
 
“The program is focused on health information that can be used to identify a patient, such as name, address, a medical record number, Social Security number, diagnosis, even a phone number. This protected health information could be in the form of paper or electronic medical records, insurance claims, or even verbal communication about a patient's condition.” 
 
Rossiter expects HIPAA to impact just about everybody in health care, from patients to physicians, from hospital operations to revenues. “An audit trail system tracks who has had access to patient information, when, and what form was looked at, and will recognize unauthorized access to a patient's medical record,” she said. To reassure employees of MUSC, Rossiter is auditing the records of all employees admitted to MUSC to check for any 
unauthorized access.
 
Her advice: “Keep your computer log-on passwords confidential. Don't share them, and change them periodically. The audits are based on the individual's logged on ID.”
 
“MUSC has a poor image among employees, because of a perceived lack of confidentiality in medical record keeping,” Rossiter said. “I am conducting training sessions on HIPAA issues and their impact in clinical areas to improve this situation.”
 
The changes in hospital operations and information technology required by HIPAA doesn't come without charge—somewhere between $1.3 to $19.8 billion over a five year period to hospitals, according to American Hospital Association estimates.
 
A HIPAA committee was formed June 21 to assist in developing an organizationwide strategy to comply with the mandated regulations. On July 23, Ernst and Young consultants will present a HIPAA educational session from 8 a.m. to noon in the Storm Eye Auditorium, 8th floor. Also a shorter session will be from 1 to 2 p.m. Interested persons are invited to attend. There is no charge for this educational session.
 
Rossiter's HIPAA initiatives include utilizing the Medical Center’s security force under manager Paul Moss. Rossiter held HIPAA training sessions for all security personnel. They are on the lookout for unsecured patient medical records, and are prepared to secure them and file an incident report, she said. Rossiter completes a thorough investigation of any medical records that may have been compromised, or chart was involved and notifies managers of areas where the problems took place. Managers are encouraged to take any disciplinary actions needed regarding their employee. Discussions with the managers have resulted in problem solving to develop more secure methods of handling medical information.
  
“Improving the quality of patient care is a goal that everyone at MUSC can relate to, and HIPAA just gives us the guidelines for making those improvements,”  said Rossiter.
 
Employees should report any breeches in patient confidentiality to Rossiter at 792-4037 or e-mail rossitet@musc.edu.