Even without the benefit of last-minute comments that were pouring in late last week, HHS Secretary Tommy Thompson said he is likely to make changes to controversial medical records privacy standards scheduled to take effect April 14.
"I am fairly certain, without saying for sure, that there will be some modifications to simplify and lessen the financial burden (of the privacy rule)," Thompson said during a meeting with reporters last week.
Thompson, however, said he wouldn't testify before Congress on the matter until after lawmakers return from a two-week recess in late April, past the rule's scheduled effective date. "I will make my decision in the next 30 days, and then I will go on Capitol Hill and I will testify," he said.
The privacy standards were mandated as part of the Health Insurance Portability and Accountability Act of 1996 and approved by former President Clinton. Saying the previous administration made a procedural error developing the regulations, Thompson delayed the original effective date of Feb. 26 and reopened the rule for comment.
Although a comment period was allowed for the proposed regulations, no comment period preceded the final rule, Thompson said. "And the final rule was a lot different from the proposed rule," he said.
Thompson said HHS staff has begun categorizing the more than 5,200 comments that had been received during the reopened comment period as of March 28. The comment period closed March 30.
Observers question whether it will be possible for HHS to review the new comments and make changes to the regulations in time for the scheduled April 14 effective date.
Asked if reviewing the new comments and possibly modifying the rule would delay the effective date, Thompson said, "I don't think that is definite. I don't want to say that we are going to delay it, because I have not made that decision."
Last week, an American Hospital Association-led coalition of nine healthcare provider organizations wrote to senators and members of Congress asking them to urge Thompson to suspend the April 14 effective date. The coalition's letter said, "in their current form, the medical privacy rules could undermine crucial aspects of patient care, medical research and essential hospital operations."
A survey released last week, however, showed that providers support key provisions of the privacy rule. About 75% of hospital respondents said the standards requiring hospitals to obtain patient consent before sharing personal health information should be preserved without alteration, according to the survey of 517 organizations, including 266 hospitals, done by consulting firm Phoenix Health Systems in Montgomery Village, Md.
Among payers, however, 74% of respondents wanted the consent rule eliminated.
Also, 63% of hospitals said no changes should be made to the highly controversial "minimum necessary" rule, which limits how much patient information hospitals can share for administrative purposes.
Another finding released last week showed that hospitals will be able to withstand the financial burden related to complying with HIPAA mandates-including the privacy regulations, transaction standards and security requirements-without adversely affecting their credit ratings.
Moody's Investor Service said not-for-profit hospitals should be able to maintain a high credit rating, now averaging A3, because the costs of HIPAA will be spread over time. The New York-based agency rates more than 520 not-for-profit hospitals with a combined $90 billion in debt.
Moody's said about one in five hospitals have not yet budgeted for HIPAA expenses.