Some HIPAA hysteria fades, but questions still linger

Share this content:

Fears and misconceptions sent many providers into overdrive when new medical records privacy rules went into effect last year.

Hospitals began refusing to provide nursing homes with medical records. Long-term care administrators ripped nameplates off of residents' doors.

Over the past year, much of the hysteria has subsided, but some organizations are still grappling with how to balance compliance concerns with the practicality of day-to-day operations.

"We had one hospital tell us that they would no longer fax over information in advance, even if the person being discharged had already decided to move into our facility," said Donna Maassen, privacy officer for Extendicare Health Services. "They said from now on we would have to send someone to the hospital to write down any needed information by hand."

Many of providers' frustrations stemmed more from overzealous interpretations than from the actual content of the rule, explained Jennifer Hilliard,  corporate compliance officer for the American Association of Homes and Services for the Aging, Washington.

Questions persist on myriad issues ranging from what constitutes a reasonable effort to prevent private information from being overheard to whether it's okay to post resident directories on the wall (Answer: Yes).

One of the major sources of guidance for long-term care providers has been the LTC Consortium, an informal group composed of compliance officers, attorneys and policy experts from more than 20 of the industry's largest organizations. The consortium has developed a number of free resources, including sample policies and training materials, which can be downloaded from the American Health Care Association's Web site at

LTCC also has published frequently asked questions addressing many common issues that arise in long-term care settings. The federal government has not officially endorsed the document, but consortium members think it reflects consensus in the field.

"It's important to recognize that the HIPAA rule does not apply uniformly to all industry sectors," explains Paul Worthen, HIPAA program manager for Beverly Enterprises, Fort Smith, AR. "In a long-term care facility, we're providing a home in addition to medical care, so we have to interpret the rule in light of our unique circumstances."

Worthen, a member of LTCC, emphasized that HIPAA is not intended to interfere with care or residents' quality of life.

"In Alzheimer's units, for example, it has become standard practice to have a memory boxoutside of residents' rooms containing photographs and other visual cues," he said. "This is a proven patient care technique, and HIPAA rules are not meant to hinder the quality of patient care -- you have to use some common sense."

Extendicare's Maassen agrees that a common-sense approach is best. Many routine issues can be addressed preemptively, she says.

 "Your notice of privacy practices provides an opportunity to define certain ways that you're going to routinely disclose information, such as to commemorate birthdays or other special events," she explains. "If you share this policy with residents during the admission process, then they're aware of your operations and can choose to restrict any information they don't want released."

Despite these reassurances, some providers continue to be frustrated by the implementation of yet another layer of regulations. Often, overzealous surveyors or unanswered questions about how to reconcile HIPAA with existing state regulations fuel their concerns. LTCC is c