County, hospital plan system to protect medical records
June 25, 2008 · Updated 4:07 PM
Island County's health services are establishing a system to better protect the medical information of patients.
On Monday, Island County commissioners appointed three county employees as security and privacy officials that will be involved with managing medical privacy rules at a county level.
"The county is simply putting the infrastructure in to comply with federal law," said Tim McDonald, county health department director.
McDonald will be a privacy official, as will the county's human resources director. An employee in central services will be the security official for medical privacy.
The appointees are necessary for the county to comply with privacy provisions in the federal Health Insurance Accountability and Portability Act. The law requires public agencies, such as Island County and the Whidbey Island Hospital District, to protect medical records and the privacy of those who use health services.
The privacy rules are supposed to give patients greater say in who can access their medical information and how that information is used.
HIPAA, passed by Congress in 1996, gives patients these rights concerning their information:
n The right to request limits on uses and disclosures of your protected health information.
n The right to choose how information is sent.
n The right to inspect and copy protected health information.
n The right to find out to whom a hospital or health agency has disclosed their information.
n The right to correct the information.
At Whidbey General Hospital, patients are given a brochure outlining the hospital's privacy practices and are required to sign a form saying they understand the information.
Whidbey General officials have spent months training the staff and developing a system to define who has access to patients' information.
Arlene Johnson, the hospital's director of quality management, said this week that health providers like the hospital have to constantly ask, "What information do I have and what do I need in relation to my job?"
She said a system is being put in place that allows providers to access only the minimum amount of information a doctor needs to treat patients.
During the the hospital district's commissioners meeting Monday evening, Johnson assuaged the fears of providers that the federal law might be too limiting.
"The intent of this law is not to impede treatment or quality of care," she said.
McDonald said that the new privacy rules add another layer of bureaucracy to the system, but added that the public can expect the same privacy standards from any health-care agency.
Passed in 1996, HIPAA was designed to offer health insurance protection for workers and their families when they change or lose their jobs.
Health care organizations have an April 14 deadline to enact privacy rules.
Neither the hospital board nor the county commissions discussed the price of complying with privacy rules.