Law Concerns Privacy, Transfer of Patient Data New Regulations Will Affect SLPs, Audiologists Across Settings Policy Analysis
Policy Analysis  |   February 01, 2001
Law Concerns Privacy, Transfer of Patient Data
Author Notes
Article Information
Regulatory, Legislative & Advocacy / Policy Analysis
Policy Analysis   |   February 01, 2001
Law Concerns Privacy, Transfer of Patient Data
The ASHA Leader, February 2001, Vol. 6, 1-24. doi:10.1044/leader.PA.06032001.1
The ASHA Leader, February 2001, Vol. 6, 1-24. doi:10.1044/leader.PA.06032001.1
As part of sweeping efforts to reform health care insurance, the U.S. Department of Health and Human Services has recently released regulations addressing privacy of and electronic transmission of patient information. The privacy rule and the electronic data interchange (EDI) standards pertain to all health care providers who engage in electronic transactions involving patient health information -- including speech-language pathologists (SLPs) and audiologists.
The rules were developed for the implementation of the Health Insurance Portability and Accountability Act (HIPAA, P.L. 104-191). HIPAA was enacted in 1996 to improve portability and continuity of health insurance coverage; combat waste, fraud, and abuse in health insurance and health care delivery; promote medical savings accounts; improve access to long-term care services and coverage; and simplify the administration of health insurance.
Released in December 2000, the privacy rule establishes standards to protect patient information, including all medical records and other individually identifiable health information held or disclosed in any form. The rule also eliminates “local” or Level III HCPCS codes. The compliance date for the privacy rule is Feb. 26, 2003. Closely related to the privacy rule are standards that were released in August 2000 governing the electronic transmission of protected patient information. All electronically transmitted patient data must be compliant by Oct. 16, 2002.
Together, the EDI and privacy rules will require health care providers to make substantial changes in their operations, policies, and information systems. Compliance procedures for SLPs and audiologists will vary by setting -- hospitals, clinics, schools, private practice settings, and nursing homes, for example, will all have different responses to HIPAA.
“HIPAA will definitely affect all medical SLPs and audiologists,” said SLP Paul Rao. As compliance officer at the National Rehabilitation Hospital, Rao is serving as the hospital’s privacy officer and HIPAA Steering Committee chair. “The final HIPAA privacy rule is so broad and inclusive that any provider must be vigilant in obtaining ‘authorization’ for all disclosures that don’t involve treatment. ASHA members have always been sensitive to patient privacy; however, HIPAA brings the force of law and financial penalties for breaches of confidentiality.”
Transmitting Patient Data
HIPAA requires the use of a single standard format for the electronic transmission of patient-related information, and the EDI rule is intended to eliminate the current 400 different formats for electronic health care claims. Audiologists and SLPs who transmit health information in electronic form become “covered entities” and are subject to the EDI standards published in the Aug. 17, 2000, Federal Register.
Electronic transactions including claims submissions, eligibility inquiries, health care payments, coordination of benefits information, and all other electronically transmitted patient data must conform to the EDI format by October 2002. Sanctions for failing to comply with the requirements of the rule range from $100 to $25,000.
Before the privacy rule, no clearly defined federal rules existed to protect the privacy of health information and guarantee patient access to such information. The rule, published in the Dec. 28, 2000, Federal Register, establishes a mandatory “federal floor” of privacy protections and don’t preempt more protective state laws. It will affect all providers who engage in electronic transactions involving protected patient health information -- which includes any individually identifiable health information, including a patient's name, address, and social security number.
SLPs and audiologists must obtain a patient’s consent to use and disclose protected health information for treatment, payment, and health care operations. Patients also have the right to see and correct their health records, obtain a disclosure history, and receive an advance notice of policies regarding disclosure of protected information.
Clinicians who violate the privacy rule may face financial penalties and/or prison. The rule provides for civil penalties up to $25,000 per year, per standard violated, and, when violations are made knowingly, criminal penalties ranging from $50,000 and one year in prison to $250,000 and 10 years in prison.
“This action is required by the great tides of technological and economic change that have swept through the medical profession over the last few years,” President Clinton said of the privacy rule, adding that the rule is “carefully crafted for this new era, to make medical records easier to see for those who should see them, and much harder to see for those who shouldn't.”
Watch The ASHA Leader for future HIPAA coverage. For more information, visit the Web sites listed below; contact Nikki Brown through the Action Center at 800-498-2071, ext. 4387, or by email at
HIPAA Web Sites
HHS Administrative Simplification Web Site (FAQs, published rules, press releases, etc.)
HIPAAcomply (FAQs, updates, etc.)
The Health Information Management Supersite (Q&A, resources, etc.)
Submit a Comment
Submit A Comment
Comment Title

This feature is available to Subscribers Only
Sign In or Create an Account ×
February 2001
Volume 6, Issue 3