Elaine Zablocki

SAN DIEGO — Physicians will face many questions about the new Medicare Part D benefit in coming months as patients decide whether to enroll and which plan to select in the voluntary prescription drug program, Elizabeth Carder-Thompson said at the annual meeting of the American Health Lawyers Association.

CMS has begun posting informational resources on its web site, and additional materials will become available over the next few months. The best resource at this time is the “Outreach Toolkit,” available by download or on CD-ROM, said Ms. Carder-Thompson, a lawyer with Reed Smith LLP.

“The Outreach Toolkit doesn't answer all the questions we want answered, but it's a good start,” she said.

Enrollment for Part D begins on Nov. 15, 2005, and patients must enroll by May 15, 2006, or face a financial penalty when they do.

The new coverage goes into effect Jan. 1, 2006, and the interim discount drug card program ends at that time. This means Medicare beneficiaries will need to make fairly complicated choices within a short time.

There will be at least two Part D prescription drug plans available in each geographic area, and plans may include several subplans.

A Kaiser Family Foundation survey, conducted March/April 2005, found that seniors are more likely to turn to their doctor (49%) or pharmacist (33%) for help in making these decisions, rather than to Medicare information sources (23%). About two-thirds (68%) of those surveyed said they did not have a good understanding of the new benefit.

In October 2005, Part D plans will start to send marketing materials. CMS will distribute its “Medicare and You,” handbook to all beneficiaries via mail, with a description of the new benefit. A “Plan Comparison Web Tool” and “Medicare Personal Plan Finder” will be posted at www.Medicare.gov

“CMS says it will provide materials as they did for the drug discount card but this is far more complicated than the card,” Ms. Carder-Thompson said.

According to Robert J. Hill, also of Reed Smith LLP, the CMS marketing guidelines on Part D include a great deal of material that will affect physicians. For example, enrollment cannot be taken at the point of care, such as a physician's office. If physicians offer their patients information on any Part D plan then they must offer information on all available Part D plans.

CMS has not released the final version of its marketing guidelines, and Mr. Hill expects these issues to be dealt with in more detail in the second part.

Once Part D becomes effective, doctors will face a different set of concerns, Ms. Carder-Thompson said.

When a plan doesn't cover a prescribed drug, physicians will need to provide supporting statements in order to get an exception, but many details are not clear at this time.

“The regulation is confusing,” Ms. Carder-Thompson said. “CMS says they don't want it to be hard to seek exceptions. However, it may well become an administrative burden. This is something that's going to evolve as we go along.”

Ms. Carder-Thompson advised doctors to “stay tuned” on the details of Part D, because they seem to be changing every day.

SAN DIEGO — Physicians will face many questions about the new Medicare Part D benefit in coming months as patients decide whether to enroll and which plan to select in the voluntary prescription drug program, Elizabeth Carder-Thompson said at the annual meeting of the American Health Lawyers Association.

CMS has begun posting informational resources on its web site, and additional materials will become available over the next few months. The best resource at this time is the “Outreach Toolkit,” available by download or on CD-ROM, said Ms. Carder-Thompson, a lawyer with Reed Smith LLP.

“The Outreach Toolkit doesn't answer all the questions we want answered, but it's a good start,” she said.

Enrollment for Part D begins on Nov. 15, 2005, and patients must enroll by May 15, 2006, or face a financial penalty when they do.

The new coverage goes into effect Jan. 1, 2006, and the interim discount drug card program ends at that time. This means Medicare beneficiaries will need to make fairly complicated choices within a short time.

There will be at least two Part D prescription drug plans available in each geographic area, and plans may include several subplans.

A Kaiser Family Foundation survey, conducted March/April 2005, found that seniors are more likely to turn to their doctor (49%) or pharmacist (33%) for help in making these decisions, rather than to Medicare information sources (23%). About two-thirds (68%) of those surveyed said they did not have a good understanding of the new benefit.

In October 2005, Part D plans will start to send marketing materials. CMS will distribute its “Medicare and You,” handbook to all beneficiaries via mail, with a description of the new benefit. A “Plan Comparison Web Tool” and “Medicare Personal Plan Finder” will be posted at www.Medicare.gov

“CMS says it will provide materials as they did for the drug discount card but this is far more complicated than the card,” Ms. Carder-Thompson said.

According to Robert J. Hill, also of Reed Smith LLP, the CMS marketing guidelines on Part D include a great deal of material that will affect physicians. For example, enrollment cannot be taken at the point of care, such as a physician's office. If physicians offer their patients information on any Part D plan then they must offer information on all available Part D plans.

CMS has not released the final version of its marketing guidelines, and Mr. Hill expects these issues to be dealt with in more detail in the second part.

Once Part D becomes effective, doctors will face a different set of concerns, Ms. Carder-Thompson said.

When a plan doesn't cover a prescribed drug, physicians will need to provide supporting statements in order to get an exception, but many details are not clear at this time.

“The regulation is confusing,” Ms. Carder-Thompson said. “CMS says they don't want it to be hard to seek exceptions. However, it may well become an administrative burden. This is something that's going to evolve as we go along.”

Ms. Carder-Thompson advised doctors to “stay tuned” on the details of Part D, because they seem to be changing every day.

SAN DIEGO — Physicians will face many questions about the new Medicare Part D benefit in coming months as patients decide whether to enroll and which plan to select in the voluntary prescription drug program, Elizabeth Carder-Thompson said at the annual meeting of the American Health Lawyers Association.

CMS has begun posting informational resources on its web site, and additional materials will become available over the next few months. The best resource at this time is the “Outreach Toolkit,” available by download or on CD-ROM, said Ms. Carder-Thompson, a lawyer with Reed Smith LLP.

“The Outreach Toolkit doesn't answer all the questions we want answered, but it's a good start,” she said.

Enrollment for Part D begins on Nov. 15, 2005, and patients must enroll by May 15, 2006, or face a financial penalty when they do.

The new coverage goes into effect Jan. 1, 2006, and the interim discount drug card program ends at that time. This means Medicare beneficiaries will need to make fairly complicated choices within a short time.

There will be at least two Part D prescription drug plans available in each geographic area, and plans may include several subplans.

A Kaiser Family Foundation survey, conducted March/April 2005, found that seniors are more likely to turn to their doctor (49%) or pharmacist (33%) for help in making these decisions, rather than to Medicare information sources (23%). About two-thirds (68%) of those surveyed said they did not have a good understanding of the new benefit.

In October 2005, Part D plans will start to send marketing materials. CMS will distribute its “Medicare and You,” handbook to all beneficiaries via mail, with a description of the new benefit. A “Plan Comparison Web Tool” and “Medicare Personal Plan Finder” will be posted at www.Medicare.gov

“CMS says it will provide materials as they did for the drug discount card but this is far more complicated than the card,” Ms. Carder-Thompson said.

According to Robert J. Hill, also of Reed Smith LLP, the CMS marketing guidelines on Part D include a great deal of material that will affect physicians. For example, enrollment cannot be taken at the point of care, such as a physician's office. If physicians offer their patients information on any Part D plan then they must offer information on all available Part D plans.

CMS has not released the final version of its marketing guidelines, and Mr. Hill expects these issues to be dealt with in more detail in the second part.

Once Part D becomes effective, doctors will face a different set of concerns, Ms. Carder-Thompson said.

When a plan doesn't cover a prescribed drug, physicians will need to provide supporting statements in order to get an exception, but many details are not clear at this time.

“The regulation is confusing,” Ms. Carder-Thompson said. “CMS says they don't want it to be hard to seek exceptions. However, it may well become an administrative burden. This is something that's going to evolve as we go along.”

Ms. Carder-Thompson advised doctors to “stay tuned” on the details of Part D, because they seem to be changing every day.

SAN DIEGO — Government strategies for health information technology will aid physicians by lowering the cost, improving the benefits, and lowering the risks, said David J. Brailer, M.D., Ph.D., national coordinator for health information technology, in a keynote address at the annual meeting of the American Health Lawyers Association.

Information technology “is a tectonic issue for physicians, one that separates old from young, progressive from Luddite, and those who want to be part of a performance-based future from those who want to practice the way they have for years,” said Dr. Brailer of the Department of Health and Human Services, Washington. “We're trying to be nonregulatory, to use a market-based approach, and that means we want to work with the willing. Surveys show that many physicians, at least half today, would do this if they could figure out how to do it.”

One barrier to adoption of electronic health records (EHRs) is the variety of products on the market. Certifying a basic, minimally featured EHR system will aid physicians in making rational purchasing decisions, Dr. Brailer said.

Another barrier to adoption of EHRs is the current lack of a sound business model. A “pay-as-you-go” financial model is not feasible, and financial incentives will be needed to accelerate the transition, Dr. Brailer said, without specifying any further details.

Large physician groups and hospitals are far ahead of small physician offices in adopting EHRs. According to Jodi Goldstein Daniel, a Department of Health and Human Services senior staff attorney on health information technology issues who also spoke at the meeting, more than 50% of large practices have adopted EHRs, while only 13% of small practices have done so. Dr. Brailer's office plans to monitor the adoption gap annually, to see whether it is closing, whether certified technologies are being used, and whether rural and other practices with special needs require some kind of safety net.

“We don't want to see health IT become a strategic wedge between the haves and the have-nots; we want a level playing field so that everyone can participate,” he said.

Once a significant mass of physicians shifts to EHRs and consumers experience the benefits of information passing seamlessly among their doctors within a secure electronic infrastructure, then physicians who haven't adopted EHRs “may actually get rolled over by the market,” Dr. Brailer said. “The market force, once it gets going, will be inevitable.”

SAN DIEGO — Government strategies for health information technology will aid physicians by lowering the cost, improving the benefits, and lowering the risks, said David J. Brailer, M.D., Ph.D., national coordinator for health information technology, in a keynote address at the annual meeting of the American Health Lawyers Association.

Information technology “is a tectonic issue for physicians, one that separates old from young, progressive from Luddite, and those who want to be part of a performance-based future from those who want to practice the way they have for years,” said Dr. Brailer of the Department of Health and Human Services, Washington. “We're trying to be nonregulatory, to use a market-based approach, and that means we want to work with the willing. Surveys show that many physicians, at least half today, would do this if they could figure out how to do it.”

One barrier to adoption of electronic health records (EHRs) is the variety of products on the market. Certifying a basic, minimally featured EHR system will aid physicians in making rational purchasing decisions, Dr. Brailer said.

Another barrier to adoption of EHRs is the current lack of a sound business model. A “pay-as-you-go” financial model is not feasible, and financial incentives will be needed to accelerate the transition, Dr. Brailer said, without specifying any further details.

Large physician groups and hospitals are far ahead of small physician offices in adopting EHRs. According to Jodi Goldstein Daniel, a Department of Health and Human Services senior staff attorney on health information technology issues who also spoke at the meeting, more than 50% of large practices have adopted EHRs, while only 13% of small practices have done so. Dr. Brailer's office plans to monitor the adoption gap annually, to see whether it is closing, whether certified technologies are being used, and whether rural and other practices with special needs require some kind of safety net.

“We don't want to see health IT become a strategic wedge between the haves and the have-nots; we want a level playing field so that everyone can participate,” he said.

Once a significant mass of physicians shifts to EHRs and consumers experience the benefits of information passing seamlessly among their doctors within a secure electronic infrastructure, then physicians who haven't adopted EHRs “may actually get rolled over by the market,” Dr. Brailer said. “The market force, once it gets going, will be inevitable.”

SAN DIEGO — Government strategies for health information technology will aid physicians by lowering the cost, improving the benefits, and lowering the risks, said David J. Brailer, M.D., Ph.D., national coordinator for health information technology, in a keynote address at the annual meeting of the American Health Lawyers Association.

Information technology “is a tectonic issue for physicians, one that separates old from young, progressive from Luddite, and those who want to be part of a performance-based future from those who want to practice the way they have for years,” said Dr. Brailer of the Department of Health and Human Services, Washington. “We're trying to be nonregulatory, to use a market-based approach, and that means we want to work with the willing. Surveys show that many physicians, at least half today, would do this if they could figure out how to do it.”

One barrier to adoption of electronic health records (EHRs) is the variety of products on the market. Certifying a basic, minimally featured EHR system will aid physicians in making rational purchasing decisions, Dr. Brailer said.

Another barrier to adoption of EHRs is the current lack of a sound business model. A “pay-as-you-go” financial model is not feasible, and financial incentives will be needed to accelerate the transition, Dr. Brailer said, without specifying any further details.

Large physician groups and hospitals are far ahead of small physician offices in adopting EHRs. According to Jodi Goldstein Daniel, a Department of Health and Human Services senior staff attorney on health information technology issues who also spoke at the meeting, more than 50% of large practices have adopted EHRs, while only 13% of small practices have done so. Dr. Brailer's office plans to monitor the adoption gap annually, to see whether it is closing, whether certified technologies are being used, and whether rural and other practices with special needs require some kind of safety net.

“We don't want to see health IT become a strategic wedge between the haves and the have-nots; we want a level playing field so that everyone can participate,” he said.

Once a significant mass of physicians shifts to EHRs and consumers experience the benefits of information passing seamlessly among their doctors within a secure electronic infrastructure, then physicians who haven't adopted EHRs “may actually get rolled over by the market,” Dr. Brailer said. “The market force, once it gets going, will be inevitable.”

SAN DIEGO — Physicians will face many questions about the new Medicare Part D benefit in coming months as patients decide whether to enroll and which plan to select in the voluntary prescription drug program, Elizabeth Carder-Thompson said at the annual meeting of the American Health Lawyers Association.

CMS has begun posting informational resources on its Web site, and additional materials will become available over the next few months. The best resource at this time is the “Outreach Toolkit,” available by download or on CD-ROM, said Ms. Carder-Thompson, a lawyer with Reed Smith LLP.

“The Outreach Toolkit doesn't answer all the questions we want answered, but it's a good start,” she said.

Enrollment for Part D begins on Nov. 15, 2005, and patients are required to enroll by May 15, 2006, or face a financial penalty when they do.

The new coverage goes into effect Jan. 1, 2006, and the interim discount drug card program ends at that time. This means Medicare beneficiaries will need to make fairly complicated choices within a short time.

There will be at least two part D prescription drug plans available in each geographic area, and plans may include several subplans.

A Kaiser Family Foundation survey, conducted March/April 2005, found that seniors are more likely to turn to their doctor (49%) or pharmacist (33%) for help in making these decisions, rather than to Medicare information sources (23%). About two-thirds (68%) of those surveyed said they did not have a good understanding of the new benefit.

In October 2005, Part D plans will start to send marketing materials. CMS will distribute its “Medicare and You,” handbook to all beneficiaries via mail, with a description of the new benefit. A “Plan Comparison Web Tool” and “Medicare Personal Plan Finder” will be posted at www.Medicare.gov

“CMS says it will provide materials as they did for the drug discount card but this is far more complicated than the card,” Ms. Carder-Thompson said.

According to Robert J. Hill, also of Reed Smith LLP, the CMS marketing guidelines on Part D include a great deal of material that will affect physicians. For example, enrollment cannot be taken at the point of care, such as a physician's office. If physicians offer their patients information on any Part D plan then they must offer information on all available Part D plans.

CMS has not released the final version of its marketing guidelines, and Mr. Hill expects these issues to be dealt with in more detail in the second part.

Once Part D becomes effective, doctors will face a different set of concerns, Ms. Carder-Thompson said.

When a plan does not cover a prescribed drug, physicians will need to provide supporting statements in order to get an exception, but many details are not clear at this time.

“The regulation is confusing,” Ms. Carder-Thompson said. “CMS says they don't want it to be hard to seek exceptions. However, it may well become an administrative burden. This is something that's going to evolve as we go along.”

Ms. Carder-Thompson advised doctors to “stay tuned” on the details of Part D, since they seem to change every day.

SAN DIEGO — Physicians will face many questions about the new Medicare Part D benefit in coming months as patients decide whether to enroll and which plan to select in the voluntary prescription drug program, Elizabeth Carder-Thompson said at the annual meeting of the American Health Lawyers Association.

CMS has begun posting informational resources on its Web site, and additional materials will become available over the next few months. The best resource at this time is the “Outreach Toolkit,” available by download or on CD-ROM, said Ms. Carder-Thompson, a lawyer with Reed Smith LLP.

“The Outreach Toolkit doesn't answer all the questions we want answered, but it's a good start,” she said.

Enrollment for Part D begins on Nov. 15, 2005, and patients are required to enroll by May 15, 2006, or face a financial penalty when they do.

The new coverage goes into effect Jan. 1, 2006, and the interim discount drug card program ends at that time. This means Medicare beneficiaries will need to make fairly complicated choices within a short time.

There will be at least two part D prescription drug plans available in each geographic area, and plans may include several subplans.

A Kaiser Family Foundation survey, conducted March/April 2005, found that seniors are more likely to turn to their doctor (49%) or pharmacist (33%) for help in making these decisions, rather than to Medicare information sources (23%). About two-thirds (68%) of those surveyed said they did not have a good understanding of the new benefit.

In October 2005, Part D plans will start to send marketing materials. CMS will distribute its “Medicare and You,” handbook to all beneficiaries via mail, with a description of the new benefit. A “Plan Comparison Web Tool” and “Medicare Personal Plan Finder” will be posted at www.Medicare.gov

“CMS says it will provide materials as they did for the drug discount card but this is far more complicated than the card,” Ms. Carder-Thompson said.

According to Robert J. Hill, also of Reed Smith LLP, the CMS marketing guidelines on Part D include a great deal of material that will affect physicians. For example, enrollment cannot be taken at the point of care, such as a physician's office. If physicians offer their patients information on any Part D plan then they must offer information on all available Part D plans.

CMS has not released the final version of its marketing guidelines, and Mr. Hill expects these issues to be dealt with in more detail in the second part.

Once Part D becomes effective, doctors will face a different set of concerns, Ms. Carder-Thompson said.

When a plan does not cover a prescribed drug, physicians will need to provide supporting statements in order to get an exception, but many details are not clear at this time.

“The regulation is confusing,” Ms. Carder-Thompson said. “CMS says they don't want it to be hard to seek exceptions. However, it may well become an administrative burden. This is something that's going to evolve as we go along.”

Ms. Carder-Thompson advised doctors to “stay tuned” on the details of Part D, since they seem to change every day.

SAN DIEGO — Physicians will face many questions about the new Medicare Part D benefit in coming months as patients decide whether to enroll and which plan to select in the voluntary prescription drug program, Elizabeth Carder-Thompson said at the annual meeting of the American Health Lawyers Association.

CMS has begun posting informational resources on its Web site, and additional materials will become available over the next few months. The best resource at this time is the “Outreach Toolkit,” available by download or on CD-ROM, said Ms. Carder-Thompson, a lawyer with Reed Smith LLP.

“The Outreach Toolkit doesn't answer all the questions we want answered, but it's a good start,” she said.

Enrollment for Part D begins on Nov. 15, 2005, and patients are required to enroll by May 15, 2006, or face a financial penalty when they do.

The new coverage goes into effect Jan. 1, 2006, and the interim discount drug card program ends at that time. This means Medicare beneficiaries will need to make fairly complicated choices within a short time.

There will be at least two part D prescription drug plans available in each geographic area, and plans may include several subplans.

A Kaiser Family Foundation survey, conducted March/April 2005, found that seniors are more likely to turn to their doctor (49%) or pharmacist (33%) for help in making these decisions, rather than to Medicare information sources (23%). About two-thirds (68%) of those surveyed said they did not have a good understanding of the new benefit.

In October 2005, Part D plans will start to send marketing materials. CMS will distribute its “Medicare and You,” handbook to all beneficiaries via mail, with a description of the new benefit. A “Plan Comparison Web Tool” and “Medicare Personal Plan Finder” will be posted at www.Medicare.gov

“CMS says it will provide materials as they did for the drug discount card but this is far more complicated than the card,” Ms. Carder-Thompson said.

According to Robert J. Hill, also of Reed Smith LLP, the CMS marketing guidelines on Part D include a great deal of material that will affect physicians. For example, enrollment cannot be taken at the point of care, such as a physician's office. If physicians offer their patients information on any Part D plan then they must offer information on all available Part D plans.

CMS has not released the final version of its marketing guidelines, and Mr. Hill expects these issues to be dealt with in more detail in the second part.

Once Part D becomes effective, doctors will face a different set of concerns, Ms. Carder-Thompson said.

When a plan does not cover a prescribed drug, physicians will need to provide supporting statements in order to get an exception, but many details are not clear at this time.

“The regulation is confusing,” Ms. Carder-Thompson said. “CMS says they don't want it to be hard to seek exceptions. However, it may well become an administrative burden. This is something that's going to evolve as we go along.”

Ms. Carder-Thompson advised doctors to “stay tuned” on the details of Part D, since they seem to change every day.

SAN DIEGO – Physicians will face many questions about the new Medicare Part D benefit in coming months as patients decide whether to enroll and which plan to select in the voluntary prescription drug program, Elizabeth Carder-Thompson said at the annual meeting of the American Health Lawyers Association.

The Centers for Medicare and Medicaid Services (CMS) has begun posting informational resources on its Web site, and additional materials will become available over the next few months. The best resource at this time is the “Outreach Toolkit,” available by download or on CD-ROM, said Ms. Carder-Thompson, a lawyer with Reed Smith LLP.

“The Outreach Toolkit doesn't answer all the questions we want answered, but it's a good start,” she said.

Enrollment for Part D begins on Nov. 15, 2005, and patients must enroll by May 15, 2006, or face a financial penalty when they do. The new coverage goes into effect Jan. 1, 2006, and the interim discount drug card program ends at that time. This means Medicare beneficiaries will need to make fairly complicated choices within a short time. There will be at least two Part D prescription drug plans available in each geographic area, and plans may include several subplans.

A Kaiser Family Foundation survey that was conducted in March and April of 2005 found that seniors are more likely to turn to their doctor (49%) or their pharmacist (33%) for help in making these types of decisions, rather than to Medicare information sources (23%). About two-thirds (68%) of those surveyed said they did not have a good understanding of the new benefit.

In October 2005, Part D plans will start to send out marketing materials. CMS will distribute its “Medicare and You,” handbook to all beneficiaries via mail, with a description of the new benefit. A “Plan Comparison Web Tool” and “Medicare Personal Plan Finder” will be posted at www.medicare.gov

“CMS says it will provide materials as they did for the drug discount card but this is far more complicated than the card,” Ms. Carder-Thompson said.

According to Robert J. Hill, also of Reed Smith LLP, the CMS marketing guidelines on Part D include a great deal of material that will affect physicians. For example, enrollment cannot be taken at the point of care, such as a physician's office. If physicians offer their patients information on any Part D plan then they must offer information on all available Part D plans.

CMS has not released the final version of its marketing guidelines, and Mr. Hill expects these issues to be dealt with in more detail in the second part.

Once Part D becomes effective, doctors will face a different set of concerns, Ms. Carder-Thompson said.

When a plan doesn't cover a prescribed drug, physicians will need to provide supporting statements in order to get an exception, but many details are not clear at this time.

“The regulation is confusing,” Ms. Carder-Thompson said.

“CMS says they don't want it to be hard to seek exceptions. However, it may well become an administrative burden. This is something that's going to evolve as we go along,” she commented.

Ms. Carder-Thompson advised physicians to “stay tuned” on the details of Part D, because they seem to be changing every day.

SAN DIEGO – Physicians will face many questions about the new Medicare Part D benefit in coming months as patients decide whether to enroll and which plan to select in the voluntary prescription drug program, Elizabeth Carder-Thompson said at the annual meeting of the American Health Lawyers Association.

The Centers for Medicare and Medicaid Services (CMS) has begun posting informational resources on its Web site, and additional materials will become available over the next few months. The best resource at this time is the “Outreach Toolkit,” available by download or on CD-ROM, said Ms. Carder-Thompson, a lawyer with Reed Smith LLP.

“The Outreach Toolkit doesn't answer all the questions we want answered, but it's a good start,” she said.

Enrollment for Part D begins on Nov. 15, 2005, and patients must enroll by May 15, 2006, or face a financial penalty when they do. The new coverage goes into effect Jan. 1, 2006, and the interim discount drug card program ends at that time. This means Medicare beneficiaries will need to make fairly complicated choices within a short time. There will be at least two Part D prescription drug plans available in each geographic area, and plans may include several subplans.

A Kaiser Family Foundation survey that was conducted in March and April of 2005 found that seniors are more likely to turn to their doctor (49%) or their pharmacist (33%) for help in making these types of decisions, rather than to Medicare information sources (23%). About two-thirds (68%) of those surveyed said they did not have a good understanding of the new benefit.

In October 2005, Part D plans will start to send out marketing materials. CMS will distribute its “Medicare and You,” handbook to all beneficiaries via mail, with a description of the new benefit. A “Plan Comparison Web Tool” and “Medicare Personal Plan Finder” will be posted at www.medicare.gov

“CMS says it will provide materials as they did for the drug discount card but this is far more complicated than the card,” Ms. Carder-Thompson said.

According to Robert J. Hill, also of Reed Smith LLP, the CMS marketing guidelines on Part D include a great deal of material that will affect physicians. For example, enrollment cannot be taken at the point of care, such as a physician's office. If physicians offer their patients information on any Part D plan then they must offer information on all available Part D plans.

CMS has not released the final version of its marketing guidelines, and Mr. Hill expects these issues to be dealt with in more detail in the second part.

Once Part D becomes effective, doctors will face a different set of concerns, Ms. Carder-Thompson said.

When a plan doesn't cover a prescribed drug, physicians will need to provide supporting statements in order to get an exception, but many details are not clear at this time.

“The regulation is confusing,” Ms. Carder-Thompson said.

“CMS says they don't want it to be hard to seek exceptions. However, it may well become an administrative burden. This is something that's going to evolve as we go along,” she commented.

Ms. Carder-Thompson advised physicians to “stay tuned” on the details of Part D, because they seem to be changing every day.

SAN DIEGO – Physicians will face many questions about the new Medicare Part D benefit in coming months as patients decide whether to enroll and which plan to select in the voluntary prescription drug program, Elizabeth Carder-Thompson said at the annual meeting of the American Health Lawyers Association.

The Centers for Medicare and Medicaid Services (CMS) has begun posting informational resources on its Web site, and additional materials will become available over the next few months. The best resource at this time is the “Outreach Toolkit,” available by download or on CD-ROM, said Ms. Carder-Thompson, a lawyer with Reed Smith LLP.

“The Outreach Toolkit doesn't answer all the questions we want answered, but it's a good start,” she said.

Enrollment for Part D begins on Nov. 15, 2005, and patients must enroll by May 15, 2006, or face a financial penalty when they do. The new coverage goes into effect Jan. 1, 2006, and the interim discount drug card program ends at that time. This means Medicare beneficiaries will need to make fairly complicated choices within a short time. There will be at least two Part D prescription drug plans available in each geographic area, and plans may include several subplans.

A Kaiser Family Foundation survey that was conducted in March and April of 2005 found that seniors are more likely to turn to their doctor (49%) or their pharmacist (33%) for help in making these types of decisions, rather than to Medicare information sources (23%). About two-thirds (68%) of those surveyed said they did not have a good understanding of the new benefit.

In October 2005, Part D plans will start to send out marketing materials. CMS will distribute its “Medicare and You,” handbook to all beneficiaries via mail, with a description of the new benefit. A “Plan Comparison Web Tool” and “Medicare Personal Plan Finder” will be posted at www.medicare.gov

“CMS says it will provide materials as they did for the drug discount card but this is far more complicated than the card,” Ms. Carder-Thompson said.

According to Robert J. Hill, also of Reed Smith LLP, the CMS marketing guidelines on Part D include a great deal of material that will affect physicians. For example, enrollment cannot be taken at the point of care, such as a physician's office. If physicians offer their patients information on any Part D plan then they must offer information on all available Part D plans.

CMS has not released the final version of its marketing guidelines, and Mr. Hill expects these issues to be dealt with in more detail in the second part.

Once Part D becomes effective, doctors will face a different set of concerns, Ms. Carder-Thompson said.

When a plan doesn't cover a prescribed drug, physicians will need to provide supporting statements in order to get an exception, but many details are not clear at this time.

“The regulation is confusing,” Ms. Carder-Thompson said.

“CMS says they don't want it to be hard to seek exceptions. However, it may well become an administrative burden. This is something that's going to evolve as we go along,” she commented.

Ms. Carder-Thompson advised physicians to “stay tuned” on the details of Part D, because they seem to be changing every day.

SAN DIEGO – Health care organizations need a proactive process in place to deal with Health Insurance Portability and Accountability Act complaints, Teresa A. Williams, in-house counsel for Integris Health Inc., said at the annual meeting of the American Health Lawyers Association. Having an effective complaint process in place could reduce the number of complaints patients file with government enforcement agencies.

At present, HIPAA enforcement is primarily complaint based, Ms. Williams said. During the first year of enforcement, 5,648 complaints were filed with the Office for Civil Rights (OCR), according to a report published by the Government Accountability Office. Of those, about 56% alleged impermissible use and disclosure of protected health information, about 33% alleged inadequate safeguards, and about 17% concerned patient access to information. (Percentages total more than 100 because some complaints fall into more than one category.)

As of June 30, 2005, OCR has received more than 13,700 complaints, and has closed 67% of those cases. They've been closed because the alleged activity actually did not violate the privacy rule, or because OCR lacks jurisdiction, or because the complaint was resolved through voluntary compliance. To date, OCR hasn't actually imposed any monetary penalties.

OCR is making every effort to resolve potential cases informally. Ms. Williams gave an example from her company.

Last fall, a patient at one of Integris Health's rural facilities filed an OCR complaint alleging her son's health information had been improperly disclosed. Within 2 days, Integris was able to confirm, through an audit trail, that this had in fact happened, and the responsible employee was terminated.

OCR then requested a copy of the explanatory letter sent to the complainant, records showing that the employee had received appropriate training about HIPAA, and written evidence of termination. “It was all very informal, just a series of phone calls and letters back and forth,” Ms. Williams said. “It took only about 2 months for our case to be closed.”

Ms. Williams advises health care organizations to put a strategy in place for handling potential HIPAA complaints. Here are the key steps:

▸ Train staff on appropriate records and documentation.

▸ Develop and enforce discipline policies.

▸ Conduct patient satisfaction surveys.

▸ Conduct training to inform staff about appropriate uses and disclosures of protected health information.

▸ Take corrective action if necessary, then document it.

▸ Use information gained from the complaint process to better your system.

A variety of methods may be used to process complaints, including written complaint forms, a hotline, a privacy officer, regular mail, e-mail, and online forums. One key element: The person in charge of the complaint process should be able to listen and respond with empathy.

“Sometimes people aren't looking for a monetary resolution,” Ms. Williams said. “They just want someone to listen to their complaint and tell them that it's been corrected.”

Enforcement Rule Needs Clarification

The final installment of the HIPAA enforcement rule was released on April 18, 2005. Civil monetary penalties are set at a maximum of $100 per violation, up to a maximum of $25,000 for all violations of an identical requirement per calendar year.

But a single act can create multiple violations, Ms. Williams pointed out. That's because the rule uses three variables to calculate the number of violations:

▸ The number of times a covered entity takes a prohibited action or failed to take a required action.

▸ The number of persons involved or affected.

▸ The duration of the violation, counted in days.

Under the new rule, information about civil monetary penalties, including reason for the penalty and identity of the covered entity, will be made available to the general public. It is not clear whether this happens when the penalty is first imposed, or after legal appeals are completed.

“This provision is a bit worrisome,” Ms. Williams said.

If an emergency department, over a 3-month period, doesn't collect and file written acknowledgments of privacy notifications, that would count as numerous violations of the privacy rule.

“If a consumer then reads in the paper that your hospital paid hundreds of thousands of dollars for a thousand violations of the privacy rule, that's arguably misleading,” Ms. Williams said. “This is an area that hopefully will be clarified and changed.”

SAN DIEGO – Health care organizations need a proactive process in place to deal with Health Insurance Portability and Accountability Act complaints, Teresa A. Williams, in-house counsel for Integris Health Inc., said at the annual meeting of the American Health Lawyers Association. Having an effective complaint process in place could reduce the number of complaints patients file with government enforcement agencies.

At present, HIPAA enforcement is primarily complaint based, Ms. Williams said. During the first year of enforcement, 5,648 complaints were filed with the Office for Civil Rights (OCR), according to a report published by the Government Accountability Office. Of those, about 56% alleged impermissible use and disclosure of protected health information, about 33% alleged inadequate safeguards, and about 17% concerned patient access to information. (Percentages total more than 100 because some complaints fall into more than one category.)

As of June 30, 2005, OCR has received more than 13,700 complaints, and has closed 67% of those cases. They've been closed because the alleged activity actually did not violate the privacy rule, or because OCR lacks jurisdiction, or because the complaint was resolved through voluntary compliance. To date, OCR hasn't actually imposed any monetary penalties.

OCR is making every effort to resolve potential cases informally. Ms. Williams gave an example from her company.

Last fall, a patient at one of Integris Health's rural facilities filed an OCR complaint alleging her son's health information had been improperly disclosed. Within 2 days, Integris was able to confirm, through an audit trail, that this had in fact happened, and the responsible employee was terminated.

OCR then requested a copy of the explanatory letter sent to the complainant, records showing that the employee had received appropriate training about HIPAA, and written evidence of termination. “It was all very informal, just a series of phone calls and letters back and forth,” Ms. Williams said. “It took only about 2 months for our case to be closed.”

Ms. Williams advises health care organizations to put a strategy in place for handling potential HIPAA complaints. Here are the key steps:

▸ Train staff on appropriate records and documentation.

▸ Develop and enforce discipline policies.

▸ Conduct patient satisfaction surveys.

▸ Conduct training to inform staff about appropriate uses and disclosures of protected health information.

▸ Take corrective action if necessary, then document it.

▸ Use information gained from the complaint process to better your system.

A variety of methods may be used to process complaints, including written complaint forms, a hotline, a privacy officer, regular mail, e-mail, and online forums. One key element: The person in charge of the complaint process should be able to listen and respond with empathy.

“Sometimes people aren't looking for a monetary resolution,” Ms. Williams said. “They just want someone to listen to their complaint and tell them that it's been corrected.”

Enforcement Rule Needs Clarification

The final installment of the HIPAA enforcement rule was released on April 18, 2005. Civil monetary penalties are set at a maximum of $100 per violation, up to a maximum of $25,000 for all violations of an identical requirement per calendar year.

But a single act can create multiple violations, Ms. Williams pointed out. That's because the rule uses three variables to calculate the number of violations:

▸ The number of times a covered entity takes a prohibited action or failed to take a required action.

▸ The number of persons involved or affected.

▸ The duration of the violation, counted in days.

Under the new rule, information about civil monetary penalties, including reason for the penalty and identity of the covered entity, will be made available to the general public. It is not clear whether this happens when the penalty is first imposed, or after legal appeals are completed.

“This provision is a bit worrisome,” Ms. Williams said.

If an emergency department, over a 3-month period, doesn't collect and file written acknowledgments of privacy notifications, that would count as numerous violations of the privacy rule.

“If a consumer then reads in the paper that your hospital paid hundreds of thousands of dollars for a thousand violations of the privacy rule, that's arguably misleading,” Ms. Williams said. “This is an area that hopefully will be clarified and changed.”

SAN DIEGO – Health care organizations need a proactive process in place to deal with Health Insurance Portability and Accountability Act complaints, Teresa A. Williams, in-house counsel for Integris Health Inc., said at the annual meeting of the American Health Lawyers Association. Having an effective complaint process in place could reduce the number of complaints patients file with government enforcement agencies.

At present, HIPAA enforcement is primarily complaint based, Ms. Williams said. During the first year of enforcement, 5,648 complaints were filed with the Office for Civil Rights (OCR), according to a report published by the Government Accountability Office. Of those, about 56% alleged impermissible use and disclosure of protected health information, about 33% alleged inadequate safeguards, and about 17% concerned patient access to information. (Percentages total more than 100 because some complaints fall into more than one category.)

As of June 30, 2005, OCR has received more than 13,700 complaints, and has closed 67% of those cases. They've been closed because the alleged activity actually did not violate the privacy rule, or because OCR lacks jurisdiction, or because the complaint was resolved through voluntary compliance. To date, OCR hasn't actually imposed any monetary penalties.

OCR is making every effort to resolve potential cases informally. Ms. Williams gave an example from her company.

Last fall, a patient at one of Integris Health's rural facilities filed an OCR complaint alleging her son's health information had been improperly disclosed. Within 2 days, Integris was able to confirm, through an audit trail, that this had in fact happened, and the responsible employee was terminated.

OCR then requested a copy of the explanatory letter sent to the complainant, records showing that the employee had received appropriate training about HIPAA, and written evidence of termination. “It was all very informal, just a series of phone calls and letters back and forth,” Ms. Williams said. “It took only about 2 months for our case to be closed.”

Ms. Williams advises health care organizations to put a strategy in place for handling potential HIPAA complaints. Here are the key steps:

▸ Train staff on appropriate records and documentation.

▸ Develop and enforce discipline policies.

▸ Conduct patient satisfaction surveys.

▸ Conduct training to inform staff about appropriate uses and disclosures of protected health information.

▸ Take corrective action if necessary, then document it.

▸ Use information gained from the complaint process to better your system.

A variety of methods may be used to process complaints, including written complaint forms, a hotline, a privacy officer, regular mail, e-mail, and online forums. One key element: The person in charge of the complaint process should be able to listen and respond with empathy.

“Sometimes people aren't looking for a monetary resolution,” Ms. Williams said. “They just want someone to listen to their complaint and tell them that it's been corrected.”

Enforcement Rule Needs Clarification

The final installment of the HIPAA enforcement rule was released on April 18, 2005. Civil monetary penalties are set at a maximum of $100 per violation, up to a maximum of $25,000 for all violations of an identical requirement per calendar year.

But a single act can create multiple violations, Ms. Williams pointed out. That's because the rule uses three variables to calculate the number of violations:

▸ The number of times a covered entity takes a prohibited action or failed to take a required action.

▸ The number of persons involved or affected.

▸ The duration of the violation, counted in days.

Under the new rule, information about civil monetary penalties, including reason for the penalty and identity of the covered entity, will be made available to the general public. It is not clear whether this happens when the penalty is first imposed, or after legal appeals are completed.

“This provision is a bit worrisome,” Ms. Williams said.

If an emergency department, over a 3-month period, doesn't collect and file written acknowledgments of privacy notifications, that would count as numerous violations of the privacy rule.

“If a consumer then reads in the paper that your hospital paid hundreds of thousands of dollars for a thousand violations of the privacy rule, that's arguably misleading,” Ms. Williams said. “This is an area that hopefully will be clarified and changed.”

SAN DIEGO — Health care organizations need a proactive process in place to deal with Health Insurance Portability and Accountability Act complaints, Teresa A. Williams, in-house counsel for Integris Health Inc., said at the annual meeting of the American Health Lawyers Association.

Having an effective complaint process in place could reduce the number of complaints patients file with government enforcement agencies.

At present, HIPAA enforcement is primarily complaint based, Ms. Williams said. During the first year of enforcement, 5,648 complaints were filed with the Office for Civil Rights (OCR), according to a report published by the Government Accountability Office.

Of those, about 56% alleged impermissible use and disclosure of protected health information, about 33% alleged inadequate safeguards, and about 17% concerned patient access to information. (Percentages total more than 100 because some complaints fall into more than one category.)

As of June 30, 2005, OCR has received more than 13,700 complaints, and has closed 67% of those cases. They've been closed because the alleged activity actually did not violate the privacy rule, or because OCR lacks jurisdiction, or because the complaint was resolved through voluntary compliance. To date, OCR hasn't actually imposed any monetary penalties.

OCR is making every effort to resolve potential cases informally. Ms. Williams gave an example from her company.

Last fall, a patient at one of Integris Health's rural facilities filed an OCR complaint alleging her son's health information had been improperly disclosed. Within 2 days, Integris was able to confirm, through an audit trail, that this had in fact happened, and the responsible employee was terminated.

OCR then requested a copy of the explanatory letter sent to the complainant, records showing that the employee had received appropriate training about HIPAA, and written evidence of termination. “It was all very informal, just a series of phone calls and letters back and forth,” Ms. Williams said. “It took only about 2 months for our case to be closed.”

Ms. Williams advises health care organizations to put a strategy in place for handling potential HIPAA complaints. Key steps:

▸ Train staff on appropriate records and documentation.

▸ Develop and enforce discipline policies.

▸ Conduct patient satisfaction surveys.

▸ Conduct training to inform staff about appropriate uses and disclosures of protected health information.

▸ Take corrective action if necessary, then document it.

▸ Use information gained from the complaint process to better your system.

A variety of methods may be used to process complaints. These methods include written complaint forms, a hotline, a privacy officer, regular mail, e-mail, and online forums.

There is one key element: The person in charge of the complaint process should be able to listen and respond with empathy to the patient.

“Sometimes people aren't looking for a monetary resolution,” Ms. Williams said. “They just want someone to listen to their complaint and tell them that it's been corrected.”

HIPAA Rule Has 'Worrisome' Provision

The final installment of the HIPAA enforcement rule was released on April 18, 2005. Civil monetary penalties are set at a maximum of $100 per violation, up to a maximum of $25,000 for all violations of an identical requirement per calendar year.

But a single act can create multiple violations, Ms. Williams pointed out. That's because the rule uses three variables to calculate the number of violations that have occurred:

▸ The number of times a covered entity takes a prohibited action or failed to take a required action.

▸ The number of persons involved or affected.

▸ The duration of the violation, counted in days.

Under the new rule, information about civil monetary penalties, including reason for the penalty and identity of the covered entity, will be made available to the general public. It is not clear whether this happens when the penalty is first imposed, or after legal appeals are completed.

“This provision is a bit worrisome,” Ms. Williams said.

If an emergency department over a 3-month period doesn't collect and file written acknowledgments of privacy notifications, that would count as numerous violations of the privacy rule.

“If a consumer then reads in the paper that your hospital paid hundreds of thousands of dollars for a thousand violations of the privacy rule, that's arguably misleading,” Ms. Williams said. “This is an area that hopefully will be clarified and changed.”

SAN DIEGO — Health care organizations need a proactive process in place to deal with Health Insurance Portability and Accountability Act complaints, Teresa A. Williams, in-house counsel for Integris Health Inc., said at the annual meeting of the American Health Lawyers Association.

Having an effective complaint process in place could reduce the number of complaints patients file with government enforcement agencies.

At present, HIPAA enforcement is primarily complaint based, Ms. Williams said. During the first year of enforcement, 5,648 complaints were filed with the Office for Civil Rights (OCR), according to a report published by the Government Accountability Office.

Of those, about 56% alleged impermissible use and disclosure of protected health information, about 33% alleged inadequate safeguards, and about 17% concerned patient access to information. (Percentages total more than 100 because some complaints fall into more than one category.)

As of June 30, 2005, OCR has received more than 13,700 complaints, and has closed 67% of those cases. They've been closed because the alleged activity actually did not violate the privacy rule, or because OCR lacks jurisdiction, or because the complaint was resolved through voluntary compliance. To date, OCR hasn't actually imposed any monetary penalties.

OCR is making every effort to resolve potential cases informally. Ms. Williams gave an example from her company.

Last fall, a patient at one of Integris Health's rural facilities filed an OCR complaint alleging her son's health information had been improperly disclosed. Within 2 days, Integris was able to confirm, through an audit trail, that this had in fact happened, and the responsible employee was terminated.

OCR then requested a copy of the explanatory letter sent to the complainant, records showing that the employee had received appropriate training about HIPAA, and written evidence of termination. “It was all very informal, just a series of phone calls and letters back and forth,” Ms. Williams said. “It took only about 2 months for our case to be closed.”

Ms. Williams advises health care organizations to put a strategy in place for handling potential HIPAA complaints. Key steps:

▸ Train staff on appropriate records and documentation.

▸ Develop and enforce discipline policies.

▸ Conduct patient satisfaction surveys.

▸ Conduct training to inform staff about appropriate uses and disclosures of protected health information.

▸ Take corrective action if necessary, then document it.

▸ Use information gained from the complaint process to better your system.

A variety of methods may be used to process complaints. These methods include written complaint forms, a hotline, a privacy officer, regular mail, e-mail, and online forums.

There is one key element: The person in charge of the complaint process should be able to listen and respond with empathy to the patient.

“Sometimes people aren't looking for a monetary resolution,” Ms. Williams said. “They just want someone to listen to their complaint and tell them that it's been corrected.”

HIPAA Rule Has 'Worrisome' Provision

The final installment of the HIPAA enforcement rule was released on April 18, 2005. Civil monetary penalties are set at a maximum of $100 per violation, up to a maximum of $25,000 for all violations of an identical requirement per calendar year.

But a single act can create multiple violations, Ms. Williams pointed out. That's because the rule uses three variables to calculate the number of violations that have occurred:

▸ The number of times a covered entity takes a prohibited action or failed to take a required action.

▸ The number of persons involved or affected.

▸ The duration of the violation, counted in days.

Under the new rule, information about civil monetary penalties, including reason for the penalty and identity of the covered entity, will be made available to the general public. It is not clear whether this happens when the penalty is first imposed, or after legal appeals are completed.

“This provision is a bit worrisome,” Ms. Williams said.

If an emergency department over a 3-month period doesn't collect and file written acknowledgments of privacy notifications, that would count as numerous violations of the privacy rule.

“If a consumer then reads in the paper that your hospital paid hundreds of thousands of dollars for a thousand violations of the privacy rule, that's arguably misleading,” Ms. Williams said. “This is an area that hopefully will be clarified and changed.”

SAN DIEGO — Health care organizations need a proactive process in place to deal with Health Insurance Portability and Accountability Act complaints, Teresa A. Williams, in-house counsel for Integris Health Inc., said at the annual meeting of the American Health Lawyers Association.

Having an effective complaint process in place could reduce the number of complaints patients file with government enforcement agencies.

At present, HIPAA enforcement is primarily complaint based, Ms. Williams said. During the first year of enforcement, 5,648 complaints were filed with the Office for Civil Rights (OCR), according to a report published by the Government Accountability Office.

Of those, about 56% alleged impermissible use and disclosure of protected health information, about 33% alleged inadequate safeguards, and about 17% concerned patient access to information. (Percentages total more than 100 because some complaints fall into more than one category.)

As of June 30, 2005, OCR has received more than 13,700 complaints, and has closed 67% of those cases. They've been closed because the alleged activity actually did not violate the privacy rule, or because OCR lacks jurisdiction, or because the complaint was resolved through voluntary compliance. To date, OCR hasn't actually imposed any monetary penalties.

OCR is making every effort to resolve potential cases informally. Ms. Williams gave an example from her company.

Last fall, a patient at one of Integris Health's rural facilities filed an OCR complaint alleging her son's health information had been improperly disclosed. Within 2 days, Integris was able to confirm, through an audit trail, that this had in fact happened, and the responsible employee was terminated.

OCR then requested a copy of the explanatory letter sent to the complainant, records showing that the employee had received appropriate training about HIPAA, and written evidence of termination. “It was all very informal, just a series of phone calls and letters back and forth,” Ms. Williams said. “It took only about 2 months for our case to be closed.”

Ms. Williams advises health care organizations to put a strategy in place for handling potential HIPAA complaints. Key steps:

▸ Train staff on appropriate records and documentation.

▸ Develop and enforce discipline policies.

▸ Conduct patient satisfaction surveys.

▸ Conduct training to inform staff about appropriate uses and disclosures of protected health information.

▸ Take corrective action if necessary, then document it.

▸ Use information gained from the complaint process to better your system.

A variety of methods may be used to process complaints. These methods include written complaint forms, a hotline, a privacy officer, regular mail, e-mail, and online forums.

There is one key element: The person in charge of the complaint process should be able to listen and respond with empathy to the patient.

“Sometimes people aren't looking for a monetary resolution,” Ms. Williams said. “They just want someone to listen to their complaint and tell them that it's been corrected.”

HIPAA Rule Has 'Worrisome' Provision

The final installment of the HIPAA enforcement rule was released on April 18, 2005. Civil monetary penalties are set at a maximum of $100 per violation, up to a maximum of $25,000 for all violations of an identical requirement per calendar year.

But a single act can create multiple violations, Ms. Williams pointed out. That's because the rule uses three variables to calculate the number of violations that have occurred:

▸ The number of times a covered entity takes a prohibited action or failed to take a required action.

▸ The number of persons involved or affected.

▸ The duration of the violation, counted in days.

Under the new rule, information about civil monetary penalties, including reason for the penalty and identity of the covered entity, will be made available to the general public. It is not clear whether this happens when the penalty is first imposed, or after legal appeals are completed.

“This provision is a bit worrisome,” Ms. Williams said.

If an emergency department over a 3-month period doesn't collect and file written acknowledgments of privacy notifications, that would count as numerous violations of the privacy rule.

“If a consumer then reads in the paper that your hospital paid hundreds of thousands of dollars for a thousand violations of the privacy rule, that's arguably misleading,” Ms. Williams said. “This is an area that hopefully will be clarified and changed.”

SAN DIEGO — Health care organizations need a proactive process in place to deal with Health Insurance Portability and Accountability Act complaints, Teresa A. Williams, in-house counsel for Integris Health Inc., said at the annual meeting of the American Health Lawyers Association. Having an effective complaint process in place could reduce the number of complaints patients file with government enforcement agencies.

At present, HIPAA enforcement is primarily complaint based, Ms. Williams said. During the first year of enforcement, 5,648 complaints were filed with the Office for Civil Rights (OCR), according to a report published by the Government Accountability Office. Of those, about 56% alleged impermissible use and disclosure of protected health information, about 33% alleged inadequate safeguards, and about 17% concerned patient access to information. (Percentages total more than 100 because some complaints fall into more than one category.)

As of June 30, 2005, OCR has received more than 13,700 complaints, and has closed 67% of those cases. They've been closed because the alleged activity actually did not violate the privacy rule, or because OCR lacks jurisdiction, or because the complaint was resolved through voluntary compliance. To date, OCR hasn't actually imposed any monetary penalties.

OCR is making every effort to resolve potential cases informally. Ms. Williams gave an example from her company.

Last fall, a patient at one of Integris Health's rural facilities filed an OCR complaint alleging her son's health information had been improperly disclosed. Within 2 days, Integris was able to confirm, through an audit trail, that this had in fact happened, and the responsible employee was terminated. OCR then requested a copy of the explanatory letter sent to the complainant, records showing that the employee had received appropriate training about HIPAA, and written evidence of termination. "It was all very informal, just a series of phone calls and letters back and forth," Ms. Williams said. "It took only about 2 months for our case to be closed."

Ms. Williams advises health care organizations to have a strategy for handling potential HIPAA complaints. Key steps:

▸ Train staff on appropriate records and documentation.

▸ Develop and enforce discipline policies.

▸ Conduct patient satisfaction surveys.

▸ Conduct training to inform staff about appropriate uses and disclosures of protected health information.

▸ Take corrective action if necessary, then document it.

▸ Use information gained from the complaint process to better your system.

Methods to process complaints include written forms, a hotline, a privacy officer, regular mail, e-mail, and online forums. One key element: The person in charge of the complaint process should be able to listen and respond with empathy.

Enforcement Rule Called Worrisome

The final installment of the HIPAA enforcement rule was released on April 18, 2005. Civil monetary penalties are set at a maximum of $100 per violation, up to a maximum of $25,000 for all violations of an identical requirement per calendar year.

But a single act can create multiple violations, Ms. Williams pointed out. That's because the rule uses three variables to calculate the number of violations:

▸ The number of times a covered entity takes a prohibited action or failed to take a required action.

▸ The number of persons involved or affected.

▸ The duration of the violation, counted in days.

Under the new rule, information about civil monetary penalties, including reason for the penalty and identity of the covered entity, will be made available to the general public. It is not clear whether this happens when the penalty is first imposed, or after legal appeals are completed.

"This provision is a bit worrisome," Ms. Williams said.

SAN DIEGO — Health care organizations need a proactive process in place to deal with Health Insurance Portability and Accountability Act complaints, Teresa A. Williams, in-house counsel for Integris Health Inc., said at the annual meeting of the American Health Lawyers Association. Having an effective complaint process in place could reduce the number of complaints patients file with government enforcement agencies.

At present, HIPAA enforcement is primarily complaint based, Ms. Williams said. During the first year of enforcement, 5,648 complaints were filed with the Office for Civil Rights (OCR), according to a report published by the Government Accountability Office. Of those, about 56% alleged impermissible use and disclosure of protected health information, about 33% alleged inadequate safeguards, and about 17% concerned patient access to information. (Percentages total more than 100 because some complaints fall into more than one category.)

As of June 30, 2005, OCR has received more than 13,700 complaints, and has closed 67% of those cases. They've been closed because the alleged activity actually did not violate the privacy rule, or because OCR lacks jurisdiction, or because the complaint was resolved through voluntary compliance. To date, OCR hasn't actually imposed any monetary penalties.

OCR is making every effort to resolve potential cases informally. Ms. Williams gave an example from her company.

Last fall, a patient at one of Integris Health's rural facilities filed an OCR complaint alleging her son's health information had been improperly disclosed. Within 2 days, Integris was able to confirm, through an audit trail, that this had in fact happened, and the responsible employee was terminated. OCR then requested a copy of the explanatory letter sent to the complainant, records showing that the employee had received appropriate training about HIPAA, and written evidence of termination. "It was all very informal, just a series of phone calls and letters back and forth," Ms. Williams said. "It took only about 2 months for our case to be closed."

Ms. Williams advises health care organizations to have a strategy for handling potential HIPAA complaints. Key steps:

▸ Train staff on appropriate records and documentation.

▸ Develop and enforce discipline policies.

▸ Conduct patient satisfaction surveys.

▸ Conduct training to inform staff about appropriate uses and disclosures of protected health information.

▸ Take corrective action if necessary, then document it.

▸ Use information gained from the complaint process to better your system.

Methods to process complaints include written forms, a hotline, a privacy officer, regular mail, e-mail, and online forums. One key element: The person in charge of the complaint process should be able to listen and respond with empathy.

Enforcement Rule Called Worrisome

The final installment of the HIPAA enforcement rule was released on April 18, 2005. Civil monetary penalties are set at a maximum of $100 per violation, up to a maximum of $25,000 for all violations of an identical requirement per calendar year.

But a single act can create multiple violations, Ms. Williams pointed out. That's because the rule uses three variables to calculate the number of violations:

▸ The number of times a covered entity takes a prohibited action or failed to take a required action.

▸ The number of persons involved or affected.

▸ The duration of the violation, counted in days.

Under the new rule, information about civil monetary penalties, including reason for the penalty and identity of the covered entity, will be made available to the general public. It is not clear whether this happens when the penalty is first imposed, or after legal appeals are completed.

"This provision is a bit worrisome," Ms. Williams said.

SAN DIEGO — Health care organizations need a proactive process in place to deal with Health Insurance Portability and Accountability Act complaints, Teresa A. Williams, in-house counsel for Integris Health Inc., said at the annual meeting of the American Health Lawyers Association. Having an effective complaint process in place could reduce the number of complaints patients file with government enforcement agencies.

At present, HIPAA enforcement is primarily complaint based, Ms. Williams said. During the first year of enforcement, 5,648 complaints were filed with the Office for Civil Rights (OCR), according to a report published by the Government Accountability Office. Of those, about 56% alleged impermissible use and disclosure of protected health information, about 33% alleged inadequate safeguards, and about 17% concerned patient access to information. (Percentages total more than 100 because some complaints fall into more than one category.)

As of June 30, 2005, OCR has received more than 13,700 complaints, and has closed 67% of those cases. They've been closed because the alleged activity actually did not violate the privacy rule, or because OCR lacks jurisdiction, or because the complaint was resolved through voluntary compliance. To date, OCR hasn't actually imposed any monetary penalties.

OCR is making every effort to resolve potential cases informally. Ms. Williams gave an example from her company.

Last fall, a patient at one of Integris Health's rural facilities filed an OCR complaint alleging her son's health information had been improperly disclosed. Within 2 days, Integris was able to confirm, through an audit trail, that this had in fact happened, and the responsible employee was terminated. OCR then requested a copy of the explanatory letter sent to the complainant, records showing that the employee had received appropriate training about HIPAA, and written evidence of termination. "It was all very informal, just a series of phone calls and letters back and forth," Ms. Williams said. "It took only about 2 months for our case to be closed."

Ms. Williams advises health care organizations to have a strategy for handling potential HIPAA complaints. Key steps:

▸ Train staff on appropriate records and documentation.

▸ Develop and enforce discipline policies.

▸ Conduct patient satisfaction surveys.

▸ Conduct training to inform staff about appropriate uses and disclosures of protected health information.

▸ Take corrective action if necessary, then document it.

▸ Use information gained from the complaint process to better your system.

Methods to process complaints include written forms, a hotline, a privacy officer, regular mail, e-mail, and online forums. One key element: The person in charge of the complaint process should be able to listen and respond with empathy.

Enforcement Rule Called Worrisome

The final installment of the HIPAA enforcement rule was released on April 18, 2005. Civil monetary penalties are set at a maximum of $100 per violation, up to a maximum of $25,000 for all violations of an identical requirement per calendar year.

But a single act can create multiple violations, Ms. Williams pointed out. That's because the rule uses three variables to calculate the number of violations:

▸ The number of times a covered entity takes a prohibited action or failed to take a required action.

▸ The number of persons involved or affected.

▸ The duration of the violation, counted in days.

Under the new rule, information about civil monetary penalties, including reason for the penalty and identity of the covered entity, will be made available to the general public. It is not clear whether this happens when the penalty is first imposed, or after legal appeals are completed.

"This provision is a bit worrisome," Ms. Williams said.

SAN DIEGO — Government strategies for health information technology will aid physicians by lowering the cost, improving the benefits, and lowering the risks, said David J. Brailer, M.D., Ph.D., national coordinator for health information technology, in a keynote address at the annual meeting of the American Health Lawyers Association.

Information technology “is a tectonic issue for physicians, one that separates old from young, progressive from Luddite, and those who want to be part of a performance-based future from those who want to practice the way they have for years,” Dr. Brailer said.

“We're trying to be nonregulatory, to use a market-based approach, and that means we want to work with the willing. Surveys show that many physicians, at least half today, would do this if they could figure out how to do it,” he said.

One barrier to adoption of electronic health records (EHRs) is the variety of products on the market. Certifying a basic, minimally featured EHR system will aid physicians in making rational purchasing decisions, Dr. Brailer said.

Another barrier to adoption of EHRs is the current lack of a sound business model. A “pay-as-you-go” financial model is not feasible, and financial incentives will be needed to accelerate the transition, Dr. Brailer added, without specifying any further details.

Large physician groups and hospitals are far ahead of small physician offices in adopting EHRs. According to Jodi Goldstein Daniel, a Department of Health and Human Services senior staff attorney on health information technology issues who also spoke at the meeting, more than 50% of large practices have adopted EHRs, while only 13% of small practices have done so.

Dr. Brailer's office plans to monitor the adoption gap annually, to see whether it is closing, whether certified technologies are being used, and whether rural practices and other practices with special needs require some kind of safety net.

“We don't want to see health IT become a strategic wedge between the haves and the have-nots; we want a level playing field so that everyone can participate,” Dr. Brailer said.

Once a significant mass of physicians shifts to EHRs and consumers experience the benefits of information passing seamlessly among their doctors within a secure electronic infrastructure, then physicians who haven't adopted EHRs “may actually get rolled over by the market,” Dr. Brailer said. “The market force, once it gets going, will be inevitable.”

SAN DIEGO — Government strategies for health information technology will aid physicians by lowering the cost, improving the benefits, and lowering the risks, said David J. Brailer, M.D., Ph.D., national coordinator for health information technology, in a keynote address at the annual meeting of the American Health Lawyers Association.

Information technology “is a tectonic issue for physicians, one that separates old from young, progressive from Luddite, and those who want to be part of a performance-based future from those who want to practice the way they have for years,” Dr. Brailer said.

“We're trying to be nonregulatory, to use a market-based approach, and that means we want to work with the willing. Surveys show that many physicians, at least half today, would do this if they could figure out how to do it,” he said.

One barrier to adoption of electronic health records (EHRs) is the variety of products on the market. Certifying a basic, minimally featured EHR system will aid physicians in making rational purchasing decisions, Dr. Brailer said.

Another barrier to adoption of EHRs is the current lack of a sound business model. A “pay-as-you-go” financial model is not feasible, and financial incentives will be needed to accelerate the transition, Dr. Brailer added, without specifying any further details.

Large physician groups and hospitals are far ahead of small physician offices in adopting EHRs. According to Jodi Goldstein Daniel, a Department of Health and Human Services senior staff attorney on health information technology issues who also spoke at the meeting, more than 50% of large practices have adopted EHRs, while only 13% of small practices have done so.

Dr. Brailer's office plans to monitor the adoption gap annually, to see whether it is closing, whether certified technologies are being used, and whether rural practices and other practices with special needs require some kind of safety net.

“We don't want to see health IT become a strategic wedge between the haves and the have-nots; we want a level playing field so that everyone can participate,” Dr. Brailer said.

Once a significant mass of physicians shifts to EHRs and consumers experience the benefits of information passing seamlessly among their doctors within a secure electronic infrastructure, then physicians who haven't adopted EHRs “may actually get rolled over by the market,” Dr. Brailer said. “The market force, once it gets going, will be inevitable.”

SAN DIEGO — Government strategies for health information technology will aid physicians by lowering the cost, improving the benefits, and lowering the risks, said David J. Brailer, M.D., Ph.D., national coordinator for health information technology, in a keynote address at the annual meeting of the American Health Lawyers Association.

Information technology “is a tectonic issue for physicians, one that separates old from young, progressive from Luddite, and those who want to be part of a performance-based future from those who want to practice the way they have for years,” Dr. Brailer said.

“We're trying to be nonregulatory, to use a market-based approach, and that means we want to work with the willing. Surveys show that many physicians, at least half today, would do this if they could figure out how to do it,” he said.

One barrier to adoption of electronic health records (EHRs) is the variety of products on the market. Certifying a basic, minimally featured EHR system will aid physicians in making rational purchasing decisions, Dr. Brailer said.

Another barrier to adoption of EHRs is the current lack of a sound business model. A “pay-as-you-go” financial model is not feasible, and financial incentives will be needed to accelerate the transition, Dr. Brailer added, without specifying any further details.

Large physician groups and hospitals are far ahead of small physician offices in adopting EHRs. According to Jodi Goldstein Daniel, a Department of Health and Human Services senior staff attorney on health information technology issues who also spoke at the meeting, more than 50% of large practices have adopted EHRs, while only 13% of small practices have done so.

Dr. Brailer's office plans to monitor the adoption gap annually, to see whether it is closing, whether certified technologies are being used, and whether rural practices and other practices with special needs require some kind of safety net.

“We don't want to see health IT become a strategic wedge between the haves and the have-nots; we want a level playing field so that everyone can participate,” Dr. Brailer said.

Once a significant mass of physicians shifts to EHRs and consumers experience the benefits of information passing seamlessly among their doctors within a secure electronic infrastructure, then physicians who haven't adopted EHRs “may actually get rolled over by the market,” Dr. Brailer said. “The market force, once it gets going, will be inevitable.”

SAN DIEGO — Health care organizations need a proactive process in place to deal with Health Insurance Portability and Accountability Act complaints, Teresa A. Williams, in-house counsel for Integris Health, Inc., said at the annual meeting of the American Health Lawyers Association. Having an effective complaint process in place could reduce the number of complaints patients file with government enforcement agencies.

At present, HIPAA enforcement is primarily complaint based, Ms. Williams said. During the first year of enforcement, 5,648 complaints were filed with the Office for Civil Rights (OCR), according to a report published by the Government Accountability Office. Of those, about 56% alleged impermissible use and disclosure of protected health information, about 33% alleged inadequate safeguards, and about 17% concerned patient access to information. (Percentages total more than 100 because some complaints fall into more than one category.)

As of June 30, 2005, OCR has received more than 13,700 complaints, and has closed 67% of those cases. They've been closed because the alleged activity actually did not violate the privacy rule, or because OCR lacks jurisdiction, or because the complaint was resolved through voluntary compliance. To date, OCR hasn't actually imposed any monetary penalties.

OCR is making every effort to resolve potential cases informally. Ms. Williams gave an example from her company.

Last fall, a patient at one of Integris Health's rural facilities filed an OCR complaint alleging her son's health information had been improperly disclosed. Within 2 days, Integris was able to confirm, through an audit trail, that this had in fact happened, and the responsible employee was terminated.

OCR then requested a copy of the explanatory letter sent to the complainant, records showing that the employee had received appropriate training about HIPAA, and written evidence of termination. “It was all very informal, just a series of phone calls and letters back and forth,” Ms. Williams said. “It took only about 2 months for our case to be closed.”

Ms. Williams advises health care organizations to put a strategy in place for handling potential HIPAA complaints. Key steps include:

▸ Train staff on appropriate records and documentation.

▸ Develop and enforce discipline policies.

▸ Conduct patient satisfaction surveys.

▸ Conduct training to inform staff about appropriate uses and disclosures of protected health information.

▸ Take corrective action if necessary, then document it.

▸ Use information that is gained from the complaint process to better your system.

A variety of methods may be used to process complaints, including written complaint forms, a hotline, a privacy officer, regular mail, e-mail, and online forums. One key element: The person in charge of the complaint process should be able to listen and respond with empathy.

“Sometimes people aren't looking for a monetary resolution,” Ms. Williams said. “They just want someone to listen to their complaint and tell them that its been corrected.”

Enforcement Rule Needs Clarification

The final installment of the HIPAA enforcement rule was released on April 18, 2005. Civil monetary penalties are set at a maximum of $100 per violation, up to a maximum of $25,000 for all violations of an identical requirement per calendar year.

But a single act can create multiple violations, Ms. Williams pointed out. That's because the rule uses three variables to calculate the number of violations:

▸ The number of times a covered entity takes a prohibited action or failed to take a required action.

▸ The number of persons involved or affected.

▸ The duration of the violation, counted in days.

Under the new rule, information about civil monetary penalties, including reason for the penalty and identity of the covered entity, will be made available to the general public. It is not clear whether this happens when the penalty is first imposed, or after legal appeals are completed.

“This provision is a bit worrisome,” Ms. Williams said. If an emergency department over a 3-month period doesn't collect and file written acknowledgments of privacy notifications, that would count as numerous violations of the privacy rule.

“If a consumer then reads in the paper that your hospital paid hundreds of thousands of dollars for a thousand violations of the privacy rule, that's arguably misleading,” Ms. Williams said. “This is an area that hopefully will be clarified and changed.”

SAN DIEGO — Health care organizations need a proactive process in place to deal with Health Insurance Portability and Accountability Act complaints, Teresa A. Williams, in-house counsel for Integris Health, Inc., said at the annual meeting of the American Health Lawyers Association. Having an effective complaint process in place could reduce the number of complaints patients file with government enforcement agencies.

At present, HIPAA enforcement is primarily complaint based, Ms. Williams said. During the first year of enforcement, 5,648 complaints were filed with the Office for Civil Rights (OCR), according to a report published by the Government Accountability Office. Of those, about 56% alleged impermissible use and disclosure of protected health information, about 33% alleged inadequate safeguards, and about 17% concerned patient access to information. (Percentages total more than 100 because some complaints fall into more than one category.)

As of June 30, 2005, OCR has received more than 13,700 complaints, and has closed 67% of those cases. They've been closed because the alleged activity actually did not violate the privacy rule, or because OCR lacks jurisdiction, or because the complaint was resolved through voluntary compliance. To date, OCR hasn't actually imposed any monetary penalties.

OCR is making every effort to resolve potential cases informally. Ms. Williams gave an example from her company.

Last fall, a patient at one of Integris Health's rural facilities filed an OCR complaint alleging her son's health information had been improperly disclosed. Within 2 days, Integris was able to confirm, through an audit trail, that this had in fact happened, and the responsible employee was terminated.

OCR then requested a copy of the explanatory letter sent to the complainant, records showing that the employee had received appropriate training about HIPAA, and written evidence of termination. “It was all very informal, just a series of phone calls and letters back and forth,” Ms. Williams said. “It took only about 2 months for our case to be closed.”

Ms. Williams advises health care organizations to put a strategy in place for handling potential HIPAA complaints. Key steps include:

▸ Train staff on appropriate records and documentation.

▸ Develop and enforce discipline policies.

▸ Conduct patient satisfaction surveys.

▸ Conduct training to inform staff about appropriate uses and disclosures of protected health information.

▸ Take corrective action if necessary, then document it.

▸ Use information that is gained from the complaint process to better your system.

A variety of methods may be used to process complaints, including written complaint forms, a hotline, a privacy officer, regular mail, e-mail, and online forums. One key element: The person in charge of the complaint process should be able to listen and respond with empathy.

“Sometimes people aren't looking for a monetary resolution,” Ms. Williams said. “They just want someone to listen to their complaint and tell them that its been corrected.”

Enforcement Rule Needs Clarification

The final installment of the HIPAA enforcement rule was released on April 18, 2005. Civil monetary penalties are set at a maximum of $100 per violation, up to a maximum of $25,000 for all violations of an identical requirement per calendar year.

But a single act can create multiple violations, Ms. Williams pointed out. That's because the rule uses three variables to calculate the number of violations:

▸ The number of times a covered entity takes a prohibited action or failed to take a required action.

▸ The number of persons involved or affected.

▸ The duration of the violation, counted in days.

Under the new rule, information about civil monetary penalties, including reason for the penalty and identity of the covered entity, will be made available to the general public. It is not clear whether this happens when the penalty is first imposed, or after legal appeals are completed.

“This provision is a bit worrisome,” Ms. Williams said. If an emergency department over a 3-month period doesn't collect and file written acknowledgments of privacy notifications, that would count as numerous violations of the privacy rule.

“If a consumer then reads in the paper that your hospital paid hundreds of thousands of dollars for a thousand violations of the privacy rule, that's arguably misleading,” Ms. Williams said. “This is an area that hopefully will be clarified and changed.”

SAN DIEGO — Health care organizations need a proactive process in place to deal with Health Insurance Portability and Accountability Act complaints, Teresa A. Williams, in-house counsel for Integris Health, Inc., said at the annual meeting of the American Health Lawyers Association. Having an effective complaint process in place could reduce the number of complaints patients file with government enforcement agencies.

At present, HIPAA enforcement is primarily complaint based, Ms. Williams said. During the first year of enforcement, 5,648 complaints were filed with the Office for Civil Rights (OCR), according to a report published by the Government Accountability Office. Of those, about 56% alleged impermissible use and disclosure of protected health information, about 33% alleged inadequate safeguards, and about 17% concerned patient access to information. (Percentages total more than 100 because some complaints fall into more than one category.)

As of June 30, 2005, OCR has received more than 13,700 complaints, and has closed 67% of those cases. They've been closed because the alleged activity actually did not violate the privacy rule, or because OCR lacks jurisdiction, or because the complaint was resolved through voluntary compliance. To date, OCR hasn't actually imposed any monetary penalties.

OCR is making every effort to resolve potential cases informally. Ms. Williams gave an example from her company.

Last fall, a patient at one of Integris Health's rural facilities filed an OCR complaint alleging her son's health information had been improperly disclosed. Within 2 days, Integris was able to confirm, through an audit trail, that this had in fact happened, and the responsible employee was terminated.

OCR then requested a copy of the explanatory letter sent to the complainant, records showing that the employee had received appropriate training about HIPAA, and written evidence of termination. “It was all very informal, just a series of phone calls and letters back and forth,” Ms. Williams said. “It took only about 2 months for our case to be closed.”

Ms. Williams advises health care organizations to put a strategy in place for handling potential HIPAA complaints. Key steps include:

▸ Train staff on appropriate records and documentation.

▸ Develop and enforce discipline policies.

▸ Conduct patient satisfaction surveys.

▸ Conduct training to inform staff about appropriate uses and disclosures of protected health information.

▸ Take corrective action if necessary, then document it.

▸ Use information that is gained from the complaint process to better your system.

A variety of methods may be used to process complaints, including written complaint forms, a hotline, a privacy officer, regular mail, e-mail, and online forums. One key element: The person in charge of the complaint process should be able to listen and respond with empathy.

“Sometimes people aren't looking for a monetary resolution,” Ms. Williams said. “They just want someone to listen to their complaint and tell them that its been corrected.”

Enforcement Rule Needs Clarification

The final installment of the HIPAA enforcement rule was released on April 18, 2005. Civil monetary penalties are set at a maximum of $100 per violation, up to a maximum of $25,000 for all violations of an identical requirement per calendar year.

But a single act can create multiple violations, Ms. Williams pointed out. That's because the rule uses three variables to calculate the number of violations:

▸ The number of times a covered entity takes a prohibited action or failed to take a required action.

▸ The number of persons involved or affected.

▸ The duration of the violation, counted in days.

Under the new rule, information about civil monetary penalties, including reason for the penalty and identity of the covered entity, will be made available to the general public. It is not clear whether this happens when the penalty is first imposed, or after legal appeals are completed.

“This provision is a bit worrisome,” Ms. Williams said. If an emergency department over a 3-month period doesn't collect and file written acknowledgments of privacy notifications, that would count as numerous violations of the privacy rule.

“If a consumer then reads in the paper that your hospital paid hundreds of thousands of dollars for a thousand violations of the privacy rule, that's arguably misleading,” Ms. Williams said. “This is an area that hopefully will be clarified and changed.”