Think of physicians and their awareness of the Health Insurance Portability and Accountability Act of 1996, its implications and penalties, and the best mental picture to draw is that of an ostrich with its head in the sand.
A low percentage of physician executives surveyed say they're even aware of the federal law, which will change their normal course of business. Even fewer say they're ready to comply with the final rules.
The technology survey shows that physician executives have little confidence that HIPAA will, indeed, protect patient privacy.
"There's so much uncertainty in the industry as to what the standards will be," says Robert Tennant, government affairs manager for the Medical Group Management Association. "The law was passed in 1996. The first round of regulations was discussed in 1998. It's almost 2002, and they still haven't (finalized the regulations). The doctors are saying, 'Well, I'm not going to worry about it until I have to.'"
Several groups have sued to have the regulations declared illegal, and the National Governors Association has requested that the compliance deadline be pushed back so it can focus on anti-terrorism efforts. Federal officials have "a lot of other things on their plates," Tennant says. "Since there's no real deadline yet, a lot of this has really been shuffled to the side."
AMA officials say physicians aren't the problem when it comes to patient privacy. The real threat to patient privacy is insurers, pharmaceutical companies and marketers, says Donald Palmisano, M.D., a surgeon in New Orleans and a member of the AMA Board of Trustees.
"We think the intent of the privacy regulation is good," he says. "However, we think it creates undue costs and burden on small physician practices."
AMA officials are lobbying administration and congressional leaders to close what they say are loopholes and reduce the bureaucracy, Palmisano says.
Regulations such as the one requiring physicians to have a privacy officer at each practice will strain small practices, he says.
Physicians are "overwhelmed by the increasing regulations and mandates that are interfering with the patient-physician relationship," he says. "They barely have enough time to see the patient, and they have to spend more time hiring staff, which increases overhead. Most physicians are taking the attitude of 'Let me know when the final rules of the game are out. I'll do my best to comply with them.'"
To ramp up for the inevitable HIPAA deadline crush, AMA officials have posted HIPAA information on their Web site and have held seminars at their meetings.
"We're making attempts to do anything we can do to enhance communications," Palmisano says.
But they're cautioning against signing up with vendors offering "HIPAA-compliant" software or programs, Palmisano says. The software and programs can't comply with rules that don't yet exist, he says. "It would be like signing a contract for building a house and you start doing change orders. It gets expensive to modify existing plans."
MGMA officials also don't recommend purchasing HIPAA-compliant software or products, Tennant says.
It's also difficult to know how to educate medical groups, Tennant says, adding that MGMA has hosted several conferences about HIPAA.
"What message do you send out? You try to keep it fairly general and give them advice on things that don't cost anything--on documentation and reviewing their own internal policies."