New privacy rules, old technology creating a lot of headaches
What’s driving people craziest about the big national push to convert to EMRs? Maybe it’s the technology that some people don’t like. Maybe it’s resistance to change. Perhaps it’s the short timeline to implement before the stimulus program starts–Oct. 1 for hospitals, Jan. 1 for physician practices. There’s a lot of uncertainty, too, since the rules for “meaningful use” of EMRs aren’t final yet and are very much subject to change.
All of those are legitimate concerns, but they pale in comparison to the privacy issue.
The American Recovery and Reinvestment Act tightens HIPAA privacy and security rules, though just like the 1996 HIPAA legislation, it leaves many of the details up to the regulators at HHS. The 2002 “treatment, payment and healthcare operations” exception to the privacy rule is disappearing, meaning that healthcare organizations will have to obtain consent before disclosing personally identifiable health data to third parties.