Health firms adapt to new privacy rules

Starting this week, doctors and hospitals must guard patient medical information more closely. Patient-related e-mails, phone calls and notes all have to show strict regard to privacy under the Health Insurance Portability and Accountability Act of 1996.

HIPAA is a federal law that requires

The act obviously covers doctors, pharmacies, insurers and hospitals. Some companies and individuals working on the fringe of the industry also have new responsibilities under HIPAA, including health care auditors, lawyers, billing firms, data processors and accountants.

Brothers Scott and Brian Richardson, vice presidents of Doctor's Exchange Inc., an answering service firm in Metairie, have been working late nights to prepare their company for HIPAA.

"We really like doing business the old-fashioned way, not giving our clients documents that they have to review with their attorneys," Scott Richardson said.

Brian Richardson has researched HIPAA to find out how it will affect their service.

About 85% of the Doctor's Exchange clients work in medicine and the company takes messages for more than 1,000 doctors. The Doctor Exchange call center takes messages for doctors, and the notes often include confidential patient information, which means Doctor's Exchange must follow the new requirements.

Several area hospitals gave seminars regarding doctor compliance with HIPAA, but most physicians are on their own in figuring out how it applies to them. Although most doctors know they have to get contracts signed with their billing services, they may not think to ask their consultants or contracted janitors to sign.

"They're kind of fuzzy on the lines," said Anthony Dileo, an attorney with Stone, Pigman, Walther, Wittmann & Hutchinson in New Orleans. "It's a little murkier when you get into these other situations."

To extend HIPAA's reach beyond clinics, businesses such as Doctor's Exchange should sign a special form, known as a business associate's contract, with each doctor, insurer or hospital served, Dileo said. The contract requires the companies to disclose their privacy policies.

Doctors have until April 2004 to make sure each business associate signs a contract unless the service contract between the doctor and the service company renews before then, said Jim Hritz, vice president and privacy officer at East Jefferson General Hospital in Metairie. Contracts that renew before April 2004 must immediately implement a business associate's clause.

Dileo said it is the doctor's responsibility to make sure each of his associate firms signs the form. Several governmental Web sites, including the Office for Civil Rights' site at www.hhs.gov/ocr/, give samples of the contracts. Simple versions of the contracts can be a page long but some forms are up to seven pages.

Rather than wait for doctors to send in hundreds of different forms, Brian Richardson opted for a proactive approach. During the last few weeks, he's been sending a one-page business associate's contract to all his medical clients.

So far, about 80% of his client list has signed the contract.

"I expect to spend a couple of days going to some offices to talk the contract over with the physicians," Brian Richardson said. He added that Doctor's Exchange took the lead on finalizing the business contracts because doctors were upset about the cost of hiring a HIPAA compliance officer to implement the new regulations.

Don Frutiger, a director and certified public accountant with Laporte Sehrt Romig and Hand, an accounting firm in Covington, has so far signed only a few business associate's contracts.

"I knew we would probably have to fill something out, but it didn't click with me until I got my first one," Frutiger said. "It's really come to the forefront in the last month."

Dileo said some companies do not have to fill out business associate contracts for HIPAA. Doctors don't have to fill out contracts for companies receiving information for reasons concerning public health, worker's compensation, a judicial process, law enforcement or personal finance.