Explore the vast range of titles available.

The Health Insurance Portability and Accountability Act (HIPAA) aims to safeguard patient information; however, complex legal language may lead to confusion and mistrust, and hinder enrollment in clinical trials. To evaluate the effect of a standard HIPAA authorization included in mailed survey packets on study enrollment for a multi-site pragmatic trial. This study is nested within an advance care planning pragmatic trial at 50 primary care clinics across three University of California (UC) Health Systems. We included English and Spanish-speaking seriously ill patients. One third of eligible patients received and 2/3 did not receive the HIPAA authorization in their enrollment packet. We compared enrollment rates at 3 months and assessed the readability, understandability, and actionability of the standard HIPAA form using the Federal Plain Language Guidelines Checklist for Plain Language, the Automatic Readability Checker consensus calculator (grade 8 is the average reading level for US adults), and the Patient Education Materials Assessment Tool for Printable Materials (PEMAT-P, 0-100%, 70% considered the minimum). Of 4632 eligible patients (mean age 71, 48% women, 11% Spanish-speaking, 40% racial/ethnic minority); 1543 received a mailed enrollment packet with a HIPAA form and 3089 did not. Patients mailed the HIPAA form were less likely to enroll (10.2% vs. 14.8%, p < 0.001). The standard HIPAA form scored at the 12th grade reading level, had a PEMAT-P Understandability score of 42%, had an Actionability score of 40%, and only met 50% of Federal Plain Language Guideline Checklist items. The inclusion of a standard HIPAA authorization in mailed enrollment packets for a large pragmatic trial led to lower rates of study enrollment. This study informs how HIPAA authorization forms should be redesigned to be more accessible to patients to prevent unnecessary barriers to research enrollment.

In the realm of health care, privacy protections are needed to preserve patients' dignity and prevent possible harms. Ten years ago, to address these concerns as well as set guidelines for ethical health research, Congress called for a set of federal standards now known as the HIPAA Privacy Rule. In its 2009 report, Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research, the Institute of Medicine's Committee on Health Research and the Privacy of Health Information concludes that the HIPAA Privacy Rule does not protect privacy as well as it should, and that it impedes important health research.

Since 2000, federal regulations have affirmed that patients have a right to a complete copy of their health records from their physicians and hospitals. Today, providers across the nation use electronic health records and electronic information exchange for health care, and patients are choosing digital health apps to help them manage their own health and health information. Some doctors and health systems have voiced concern about whether they may transmit a patient’s data upon the patient’s request to the patient or the patient’s health app. This hesitation impedes shared information and care coordination with patients. It impairs patients’ ability to use the state-of-the-art digital health tools they choose to track and manage their health. It undermines the ability of patients’ family caregivers to monitor health and to work remotely to provide care by using the nearly unique capabilities of health apps on people’s smartphones. This paper explains that sharing data electronically with patients and patients’ third-party apps is legally consistent under the Health Insurance Portability and Accountability Act (HIPAA) with routine electronic data sharing with other doctors for treatment or with insurers for reimbursement. The paper explains and illustrates basic principles and scenarios around sharing with patients, including patients’ third-party apps. Doctors routinely and legally share health data electronically under HIPAA whether or not their organizations retain HIPAA responsibility. Sharing with patients and patients’ third-party apps is no different and should be just as routine.

The International Classification of Diseases-10 (ICD-10 is a new system that is expected to be implemented effective on October 1, 2013. This new system is a federally mandated change affecting all payers and providers, and is expected to exceed both the Health Insurance Portability and Accountability Act (HIPAA) and Y2K in terms of costs and risks. However, the Administration is poised to implement these changes at a rapid pace which could be problematic for health care in the United States. In 2003, HIPAA named ICD-9 as the code set for supporting diagnoses and procedures in electronic administrative transactions. However, on January 16, 2009, the Department of Health and Human Services (HHS) published a regulation requiring the replacement of ICD9 with ICD-10 as of October 1, 2013. While ICD-9 and 10 have a similar type of hierarchy in their structures, the ICD-10 is more complex and incorporates numerous changes. Overall, ICD-10 contains over 141,000 codes, a whopping 712% increase over the less than 20,000 codes in ICD-9, creating enormous complexities, confusion, and expense. Multiple published statistics illustrate that there are approximately 119 instances where a single ICD-9 code can map to more than 100 distinct ICD-10 codes, whereas there are 255 instances where a single ICD-9 code can map to more than 50 ICD-10 codes. To add to the confusion, there are 3,684 instances in the mapping for diseases where a single ICD-10 code can map to more than one ICD-9 code. Proponents of the new ICD-10 system argue that the granularity should lead to improvements in the quality of health care, since more precise coding that more accurately reflects actual patient conditions will permit smarter and more effective disease management in pay-forperformance programs. This, in essence, encapsulates the benefits that supporters of this new system believe will be realized, even though many of these experts may not be involved in actual day-to-day medical practices. Detractors of the system see the same granularity as burdensome. The estimated cost per physician is projected to range from$25,000 to $ 50,000. Further, they argue that the ICD10 classification is extremely complicated, and expensive. Concerns exist that it is being implemented without establishing either the necessity or thinking through the unintended consequences. Opponents also argue that beyond financial expense, it is also costly in terms of human toll, hardware and software expenses and has the potential to delay reimbursement. There is also concern that an unintended consequence of granularity would be the potential for enhanced and unnecessary fraud and abuse investigations. The authors of this article favor postponing the implementation of the ICD-10 until such time as its necessity is proven and implications are understood. Key words: Diagnostic coding systems, International Statistical Classification of Diseases and Related Health Problems (ICD), ICD-9-CM, ICD-10-CM, regulations, growth, evidencebased literature, reimbursement, claims, Health Insurance Portability and Accountability Act (HIPAA)

Clinical data registries are valuable tools that support evidence development, performance assessment, comparative effectiveness studies, and the adoption of new treatments into routine clinical practice. Although these registries do not have important information on long-term therapies or clinical events, administrative claims databases offer a potentially valuable complement. This article focuses on the regulatory and ethical considerations that arise from the use of registry data for research, including linkage of clinical and administrative data sets. (1) Are such activities primarily designed for quality assessment and improvement, research, or both, as this determines the appropriate ethical and regulatory standards? (2) Does the submission of data to a central registry, which may subsequently be linked to other data sources, require review by the institutional review board (IRB) of each participating organization? (3) What levels and mechanisms of IRB oversight are appropriate for the existence of a linked central data repository and the specific studies that may subsequently be developed using it? (4) Under what circumstances are waivers of informed consent and Health Insurance Portability and Accountability Act authorization required? (5) What are the requirements for a limited data set that would qualify a research activity as not involving human subjects and thus not subject to further IRB review? The approaches outlined in this article represent a local interpretation of the regulations in the context of several clinical data registry projects and focuses on a specific case study of the Society of Thoracic Surgeons National Database.

Electronic health records and electronic health information exchange are essential to improving quality of care, reducing medical errors and health disparities, and advancing the delivery of patient-centered medical care. In the US correctional setting, these goals are critical because of the high numbers of Americans affected, yet the use of health information technology is quite limited. In this article, I describe the legal environment surrounding health information sharing in corrections by focusing on 2 key federal privacy laws: the Health Insurance Portability and Accountability Act of 1996 and the federal Confidentiality of Alcohol and Drug Abuse Patient Records laws. In addition, I review stakeholder concerns and describe possible ways forward that enable electronic exchange while ensuring protection of inmate information and legal compliance.

Public health research and practice often have been facilitated through the evaluation and study of population-based data collected by local, state, and federal governments. However, recent concerns about identify theft, confidentiality, and patient privacy have led to increasingly restrictive policies on data access, often preventing researchers from using these valuable data. We believe that these restrictions, and the research impeded or precluded by their implementation and enforcement, have had a significant negative impact on important public health research. Members of the public health community should challenge these policies through their professional societies and by lobbying legislators and health officials to advocate for changes that establish a more appropriate balance between privacy concerns and the protection of public health.

The forced implementation of ICD-10-CM (International Classification of Diseases, Tenth Revision, Clinical Modification) codes that are specific to the United States, scheduled for implementation October 1, 2015, which is vastly different from ICD-10 (International Classification of Diseases, Tenth Revision), implemented worldwide, which has 14,400 codes, compared to ICD-10-CM with 144,000 codes to be implemented in the United States is a major concern to practicing U.S. physicians and a bonanza for health IT and hospital industry. This implementation is based on a liberal interpretation of the Health Insurance Portability and Accountability Act (HIPAA), which requires an update to ICD-9- CM (International Classification of Diseases, Ninth Revision, Clinical Modification) and says nothing about ICD-10 or beyond. On June 29, 2015, the Supreme Court ruled that the Environmental Protection Agency unreasonably interpreted the Clean Air Act when it decided to set limits on the emissions of toxic pollutants from power plants, without first considering the costs on the industry. Thus, to do so is applicable to the medical industry with the Centers for Medicare and Medicaid Services (CMS) unreasonably interpreting HIPAA and imposing existent extensive regulations without considering the cost. In the United States, ICD-10-CM with a 10-fold increase in the number of codes has resulted in a system which has become so complicated that it no longer compares with any other country. Moreover, most WHO members use the ICD-10 system (not ICD-10-CM) only to record mortality in 138 countries or morbidity in 99 countries. Currently, only 10 countries employ ICD-10 (not ICD-10-CM) in the reimbursement process, 6 of which have a single payer health care system. Development of ICD-10-CM is managed by 4 non-physician groups, known as cooperating parties. They include the Centers for Disease Control and Prevention (CDC), CMS, the American Hospital Association (AHA), and the American Health Information Management Association (AHIMA). The AHIMA has taken the lead with the AHA just behind, both with escalating profits and influence, essentially creating a statutory monopoly for their own benefit. Further, the ICD-10-CM coalition includes 3M which will boost its revenues and profits substantially with its implementation and Blue Cross Blue Shield which has its own agenda. Physician groups are not a party to these cooperating parties or coalitions, having only a peripheral involvement. ICD-10-CM creates numerous deficiencies with 500 codes that are more specific in ICD-9-CM than ICD-10-CM. The costs of an implementation are enormous, along with maintenance costs, productivity, and cash disruptions. Key words: ICD-10-CM, ICD-10, ICD-9-CM (International Classification of Diseases, 10th Revision, Ninth revision, Clinical Modification), Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology (HIT), costs of implementation

As health care costs continue to rise, an increasing number of self-insured employers are using financial rewards or penalties to promote healthy behavior and control costs. These incentive programs have triggered a backlash from those concerned that holding employees responsible for their health, particularly through the use of penalties, violates individual liberties and discriminates against the unhealthy. This paper offers an ethical analysis of employee health incentive programs and presents an argument for a set of conditions under which penalties can be used in an ethical and responsible way to contain health care costs and encourage healthy behavior among employees. [PUBLICATION ABSTRACT]