Monday, May 21, 2007
Joint Commission Revises Restraint and Seclusion Standard
The Joint Commission has revised its restraint and seclusion standard (PC.12.90) effective immediately to align with the Centers for Medicare & Medicaid Services final rule on patients’ rights. The CMS rule, issued in December 2006, applies to all hospitals that participate in the Medicare and Medicaid program. Among other provisions, it allows a registered nurse or physician assistant to conduct the "face-to-face" evaluation required within one hour after a patient is restrained or secluded, if the RN or PA is trained in accordance with CMS requirements and consults with the attending physician or a licensed independent practitioner as soon as possible.
Trends Affecting Hospitals and Health Systems, April 2007
The American Hospital Association releases its 8th annual TrendWatch Chartbook 2007, which provides charts and data on trends in the field.
- Trends in the Overall Health Care Market
- Organizational Trends
- Utilization and Volume
- Trends in Hospital Financing
- Workforce
- The Economic Contribution of Hospitals
- Trends in the Overall Health Care Market
- Organizational Trends
- Utilization and Volume
- Trends in Hospital Financing
- Workforce
- The Economic Contribution of Hospitals
"Toothless" HIPAA
The Health Insurance Portability and Accountability Act (“HIPAA”), adopted by Congress in 1996, aims to protect the security and privacy of health information. 45 C.F.R. §§ 160, 164 (2006). The regulations promulgated pursuant to this Act apply to “covered entities,” which include (1) health plans, such as health insurance companies, HMOs, Medicare, and Medicaid; (2) health care clearinghouses, such as billing companies and third party administrators; and (3) health care providers, such as hospitals and doctors. 45 C.F.R. § 160.103 (2006). These regulations protect patient privacy by restricting disclosure of health information to the “minimum necessary,” while also preventing unauthorized use by “downstream users.” See 45 C.F.R. § 164.502(e)(1) (stating that a covered entity may only release protected health information to its business associates if it receives satisfactory assurance that the business associate will take the appropriate steps to ensure the confidentiality of the information).
While HIPAA imposes a host of obligations on covered entities in an attempt to increase patient privacy, it does not explicitly create any individual rights for patients affected by medical privacy violations. Therefore, a patient who has been seriously harmed as a result of these privacy leaks cannot bring a lawsuit against the responsible party. Instead, a victim's only recourse is to file a complaint with the Department of Health and Human Services (“HHS”). 45 C.F.R. § 160.306. If HHS decides to pursue a victim's complaint, it may impose fines against the responsible covered entity. 42 U.S.C. § 1320d-6(b) (2006). However, since HIPAA's enactment, HHS has rarely imposed fines or criminal sanctions. [According to one report, HHS had not yet brought a single civil enforcement action under HIPAA as of November, 2005. Joseph Conn, Ruling Called HIPAA Barrier, Modern Healthcare, Nov. 14, 2005, at 16. There has only been one criminal conviction under HIPAA. United States v. Gibson, No. CR04-0374RSM, 2004 WL 2188280 (W.D. Wash. Aug. 19, 2004); Trial Pleading, United States v. Gibson, No. CR04-0374RSM, 2004 WL 2237585 (W.D. Wash. Aug. 19, 2004)]. Regardless of any enforcement action taken by HHS, the victim will not be compensated for the harm caused by this breach of privacy.
For more information read 60 Vand. L. Rev. 199.
While HIPAA imposes a host of obligations on covered entities in an attempt to increase patient privacy, it does not explicitly create any individual rights for patients affected by medical privacy violations. Therefore, a patient who has been seriously harmed as a result of these privacy leaks cannot bring a lawsuit against the responsible party. Instead, a victim's only recourse is to file a complaint with the Department of Health and Human Services (“HHS”). 45 C.F.R. § 160.306. If HHS decides to pursue a victim's complaint, it may impose fines against the responsible covered entity. 42 U.S.C. § 1320d-6(b) (2006). However, since HIPAA's enactment, HHS has rarely imposed fines or criminal sanctions. [According to one report, HHS had not yet brought a single civil enforcement action under HIPAA as of November, 2005. Joseph Conn, Ruling Called HIPAA Barrier, Modern Healthcare, Nov. 14, 2005, at 16. There has only been one criminal conviction under HIPAA. United States v. Gibson, No. CR04-0374RSM, 2004 WL 2188280 (W.D. Wash. Aug. 19, 2004); Trial Pleading, United States v. Gibson, No. CR04-0374RSM, 2004 WL 2237585 (W.D. Wash. Aug. 19, 2004)]. Regardless of any enforcement action taken by HHS, the victim will not be compensated for the harm caused by this breach of privacy.
For more information read 60 Vand. L. Rev. 199.
Subscribe to:
Posts (Atom)