| |
|
MEDICAL PRIVACY
Two Home Health
Nurses Sound Alarm
Two New Laws Erode Privacy of Medical
Records for All Home
Health Patients Regardless of Insurance
Coverage
January 25, 1999
Letter to Citizens' Council on Health Care
New laws will soon become effective that pose an immediate and
massive threat
to medical records privacy - unprecedented in scope, breadth,
depth, and
specificity. Detailed highly personal health care information
will be stored
in state and federal government computerized databases in
patient identifiable
form - comprehensive personal health information that should
only be shared
privately between patients and their immediate health care
providers.
On January 25, 1999, two new federal regulations were
published in the Federal
Register that revises the HCFA "Conditions of Participation"
(COP) for Home
Health Agencies (42 CFR Parts 484 and 488). The first
regulation
(HCFA-3007-F) was published as a final rule, effective
2/24/99. It authorizes
the Secretary of the Department of Health and Human Services
to require that
each patient receives from any home health agency (HHA)
participating in the
Medicare programs, a comprehensive assessment at specific time
points during
their home health services. The rule requires the use of a
standard
assessment data set named the "Outcome and Assessment
Information Set"
(OASIS). The second regulation (HCFA-3006-IFC) was published
as an "Interim
final rule with comment period." This regulation requires
HHAs to
electronically transmit OASIS data collected to the state
Department of Health
Services (DHS) effective 4/26/99. Further, section 488.68(a)
requires the
state DHS to store and analyze the data in a database system
and (b) make
available to HCFA all OASIS records received on a monthly
basis. HCFA "will
electronically retrieve OASIS data from the HCFA standard
State system into a
central repository at HCFA for analysis."
There are two purposes for these new regulations:
1) Establish a prospective payment system (required by Balance
Budget Act of
1997) using reliable outcome and case-mix adjustment data; and
2) Achieve broad-based, measurable improvement in the quality
of care
furnished through Federal programs.
The 105 item OASIS data set was developed, tested, and refined
for the past 10
years through research conducted by the Center for Health
Services and Policy
Research at the University of Colorado and funded largely by
HCFA, the Robert
Wood Johnson Foundation, and more recently, New York State.
The OASIS items
were designed for the purpose of enabling the rigorous and
systematic
measurement of patient home health care outcomes, with
appropriate adjustment
for patient risk factors affecting those outcomes.
The HCFA regulations require collection of OASIS data items on
all non-
maternity patients age 18 and over that receive health
services from Medicare-
certified home health agencies, regardless of payment source.
OASIS must be
collected on all patients upon HHA admission, discharge, and
certain other
episodic and periodic time points. The complete OASIS
assessments must be
electronically transmitted monthly to the state DHS for
storage in an
electronic database and then sent to HCFA by the DHS. OASIS
data must be
collected and transmitted to the government even on patients
whoās home health
care is NOT being funded by a government program e.g. patients
that private
pay or care through employer-sponsored benefit programs.
The OASIS assessment contains
patient-identifying data (i.e. the patientās
full name, date of birth, Social Security, Medicare, and
Medicaid numbers) and
over 80 personal and clinical items. All OASIS items - the
patient
identifying data linked with personal and clinical data - must
be
electronically transmitted to the state DHS. The computerized
databases that
the state DHS and HCFA maintain will, therefore, contain
patient-identifiable
clinical diagnoses, assessments, and observations. We have
grave concerns
about the storage and availability of the OASIS patient
identifiable health
information in government databases.
The 80+ questions require detailed and precise answers about
the sensitive
areas of:
· Medical diagnoses (including ICD-9 codes) and health
history;
· Treatments and medications;
· Life expectancy;
· Risk factors (e.g. obesity, smoking, alcohol and drug
dependencies);
· Conditions such as sores, ulcers, urinary and bowel
status/habits, pain;
· Ability to perform personal care functions (including
bathing and
toileting);
· Cognitive and behavioral observations (e.g. confusion,
agitation, socially
inappropriate behavior, poor judgment, etc.)
· Psychological status (e.g. coping, anxiety, suicidal
tendencies, etc.);
· Financial factors; and
· Home situation (who the patient lives with and ratings
of their dwelling).
There are no provisions in the published rules either
(1)requiring the
patientās knowledge or consent to have their identifiable
personal and
clinical information sent to the state DHS and HCFA or
(2)specifying the
consequences (if any) of a patient refusing to give consent
for broad and
open-ended medical records release and storing of identifiable
information of
this type.
The fine points of individual patient's private lives will be
cataloged
electronically by the government in patient identifiable form
- breaching the
confidential physician-patient relationship and leaving their
privacy in
jeopardy of invasion.
The two reasons for these new regulations are worthy and
desperately needed.
The intent can be easily met, however, without including
patient identifiable
data linked with the clinical assessments.
Section 4602(e) of the BBA of 1997 authorizes the Secretary
"to require that
HHAs submit any information that the Secretary considers
necessary to develop
a reliable case mix system."
We take a strong position that patient identifiable
information is NOT
necessary to develop a case mix system or for outcome based
quality
improvement. We urge that all of the OASIS assessments be
reported to the
state DHS and HCFA without patient identifying data.
Aggregate clinical data
would allow DHS and HCFA to totally accomplish the purposes of
the new
regulations and protect patientsā right to privacy and
confidentiality with
their health care providers. The OASIS assessments could be
coded (without
direct patient identifying information) to identify subsequent
assessments for
the same patient. The HHAs could be mandated to maintain a
system that
enables the agencies to trace and provide the specific OASIS
assessments and
medical records at the request of a state DHS or HCFA
representative when
needed for audits or surveys (e.g. concerns about data
quality, investigation
of fraud and abuse, etc.).
There is absolutely no reason to have patient identifiers
linked to detailed
clinical assessments and transmitted to the state DHS and HCFA
for meeting the
necessary purposes of the two new regulations.
Marian Callahan RN, PHN, BSN
El Cajon, California
Training and Education Coordinator, Medicare-certified Home
Health and Hospice
Agency
19 years clinical and administrative experience in public
health, home health,
and hospice.
Jan Anderson RN, PHN, BSN
Escondido, California
14 years clinical, supervisory, and administrative experience
in Medicare-
certified home health
|
 |
Citizens' Council on Health Care
1954 University Avenue West, Suite 8, St. Paul, MN 55104
Phone: 651.646.8935 / Fax: 651.646.0100, e-mail
|
| |
