Not everyone wants to dump the medical privacy regulations. More than 40 Democratic senators and congressmen last week sent a letter to HHS Secretary Tommy Thompson urging him to make the new medical privacy standards effective as scheduled on April 14.
The group asked Thompson "not to give in to the data miners and business interests" that want to delay, alter or kill the medical privacy standards, which were mandated by the Health Insurance Portability and Accountability Act of 1996 (See related story, p. 36.)
"I don't think the secretary has a reason to stop these privacy regulations at this point," said Rep. Henry Waxman (D-Calif.), one of 46 Democratic lawmakers signing the letter to Thompson. Others include Sens. John Dingell of Michigan, Thomas Harkin of Iowa, Edward Kennedy of Massachusetts and Patrick Leahy of Vermont.
The American Hospital Association differs. "We don't agree with (the Democrats) that these regulations should go forward in their current form," AHA Vice President Melinda Hatton said. The AHA has asked Thompson to delay the scheduled effective date and says patient care and hospital operations will suffer if he does not.
In fact, the AHA and other national hospital groups have urged their members to flood HHS with comments on the regulations in the hopes of delaying them further or killing them outright (March 19, p. 8).
Hospital groups received some support from an unlikely ally last week when the national Blue Cross and Blue Shield Association released a report saying that HHS underestimated hospitals' costs for complying with new regulations requiring standardized electronic transactions.
Compliance, also mandated by HIPAA, would cost hospitals with 200 to 300 beds from $775,000 to $3.5 million each, compared with HHS' prediction of an average per-hospital cost of $100,000 to $200,000 across hospitals of all sizes. The transaction standards are expected to yield savings, but the return on the investment won't materialize for at least five years, the report said. Hospitals have until October 2002 to comply.
Meanwhile, other organizations support an April 14 start for the privacy regulations. "While the rules may not be perfect, we believe that they are an excellent place to start," said Chris Koyanagi, representing the 36-member Mental Health Liaison Group, which includes some providers.
Although the rules' effective date is scheduled for this April, healthcare providers would have two years more, until April 14, 2003, to comply with the standards. An official source said even if the regulations become effective as is, Thompson would have substantial flexibility under HIPAA to modify the standards before the 2003 deadline.
--With Jeff Tieman