Federal health privacy regulations to protect patient confidentiality were released yesterday by the Clinton Administration.
The regulations establish national standards for how personal health information is used and distributed, and to set criminal and civil penalties for breaching patient privacy.
The American Association of Occupational Health Nurses (AAOHN) and the American College of Occupational and Environmental Medicine (ACOEM) called the regulations a major step toward protecting personal health and medical information.
"The new federal regulations will help address some major areas of individual''s concerns regarding privacy of health information held by employers," said AAOHN and ACOEM.
Under the final rules, health plans and providers will be required to inform patients about how their information is being used and to whom it is being disclosed.
The regulations will also give each patient a right to a "disclosure history" listing the entities that received their personal medical information.
However, both groups are concerned because the protection of specific health information used by employers -- such as information collected by occupational health professionals for wellness programs and for management of occupational injuries and routine consultations at work -- may not be covered by the regulations.
Both organizations made recommendations for changes during the comment period prior to the new regulations being issued.
AAOHN and ACOEM believe that some of their initial concerns have been addressed in the final rules, yet are concerned that all health information at the work environment is not included under the protections.
"This new rule represents a significant first step toward health privacy, but it does not do enough to eliminate employees'' risk of health information disclosures to their employers. Simply put, employers are not always subject to the rule," said Larri Short, privacy rights expert and attorney at the Washington, D.C.,-based law firm Arent Fox. "As a result, they will continue to have relatively free access to personal health information obtained through fitness-to-work examinations, occupational safety and health initiatives and workers'' compensation programs."
AAOHN President Deborah DiBenedetto is also concerned about what type of information employers will be able to obtain about heir employees under the new rule.
"Employers do have legitimate needs to have access to certain health information for managing workers'' compensation or other benefits, accommodating a disabled employee, or assessing an employee''s physical capability to complete assigned tasks," said DiBenedetto. "However, this does not mean that an employer should have access to unrelated information -- such as an employee''s diagnosis or entire medical file."
AAOHN and ACOEM say legislation is needed to authorize the development of privacy rules that will draw the privacy lines appropriately for information collected and used in the work environment.
"Protecting confidentiality and privacy is imperative to preserving patient trust," said Robert Goldberg, president of ACOEM. "Personal medical information obtained as a result of employment should be extended the same confidentiality protections as that collected for payment purposes."
Until such rules are established, ACOEM and AAOHN recommended the following guidelines for companies and employees:
- Establish corporate policies that outline your information practices as they relate to collecting and maintaining personal health information, including information collected through occupational health and safety programs.
- All employee health information should be kept confidential and released only when required by law or overriding public health considerations, when needed by other health professionals for specific reasons and when needed by designated individuals at the request of the employee.
- Health information should not be used in making decisions about hiring, firing or promotion.
- Ask for a copy of your company''s employee handbook and review your rights regarding your personal health information records kept at your workplace.
- Request an employee educational seminar on personal health information privacy at your company for you and your colleagues.
- Be aware of the health information, insurance claims forms and other legal medical documents you sign. You may be giving permission to release your health information and not realize it.
by Virginia Sutcliffe