The U.S. Department of Health and Human Services last week filled more than 400 pages with the final version of the privacy regulation required by the Health Insurance Portability and Accountability Act of 1996.
The regulation, which will apply to most health plans starting April 14, 2003, addresses everything from use of protected health information in research to exemptions that let doctors discuss health matters with patients in semiprivate rooms.
Representatives for the American Association of Health Plans and the Health Insurance Association of America, both of Washington, are praising the final version of the regulation but emphasizing what it leaves out: any effort to preempt state privacy laws.
HIPAA itself authorizes HHS to set a minimum “floor” for privacy standards, but then gives states the right to impose tougher standards.
The AAHP released a statement promising that it “will continue to work with the administration to address current confusion and inconsistency between the federal rule and the individual laws of 50 states.”
The conflict between the federal and state rules “is going to cause a lot of problems,” HIAA spokesman Joseph Luchok says. “It could be a big mess.”
The HIAA is calling for Congress to enact new, national health privacy legislation that would take the matter out of the states hands.
Congress ordered HHS to develop a health privacy regulation in HIPAAs “administrative simplification” section.