Researchers at the University of Michigan have concluded that the privacy protections under the Health Insurance Portability and Accountability Act reduced the number of patients participating in an outcomes research project and introduced selection bias into the data collection process.
Consent by heart patients to provide researchers with follow-up information about their conditions dropped from 96% of patients contacted under a rule set used before the onset of the HIPAA guidelines to 34% of patients contacted using a HIPAA compliant set of procedures.
Patient information was gathered between May 1, 1999, and Aug. 30, 2001, and again between Sept. 1, 2001, and March 31, 2003. A total of 2,188 patients with acute myocardial infarction or unstable angina and ischemic symptoms within 24 hours were identified retrospectively.
The main difference between pre- and post-HIPAA was the requirement post-HIPAA that researchers first mail a letter to obtain written consent from patients for follow-up questions, whereas researchers using the pre-HIPAA guidelines first made the request during a telephone call.
Researchers under both methodologies were still able to access de-identified patient information, at least enough to initially identify patients by diagnosis and pull enough demographic information to make the initial call or to mail a HIPAA permission form. Included in the higher costs were those associated with programming computers to accept data and to train research staff under the new post-HIPAA follow-up protocol.
The report also concluded that start-up and first-year administrative costs rose by $8,705 because of the HIPAA burden. The report did not disclose the total cost of the study, so a percentage increase could not be calculated.