Article Content


Health and Human Services Secretary Tommy G. Thompson has proposed changes to Health and Human Services's health privacy regulations to ensure strong privacy protections while correcting unintended consequences that threatened patients' access to quality healthcare.


The federal privacy regulations guarantee patients full access to their medical records, give them more control over how their personal information is used and disclosed, and provide a clear avenue of recourse if their medical privacy is compromised.


Secretary Thompson said the proposed revisions are needed to fix problems with the previously published rule that otherwise could make it more difficult for patients to get quality care quickly and easily. The proposal also strengthens and clarifies the rule's marketing restrictions.


The following revisions are proposed:


* Strengthen notice provisions and remove consent requirements hindering access to care. As written, the privacy rule's general requirement that patients give prior consent on privacy practices before receiving treatment created serious unintended consequences that interfere with patients' access to healthcare. For example, patients could be required to visit a pharmacy in person to sign paperwork before a pharmacist could fill their prescriptions. Similar barriers could arise when a patient is referred to a specialist and in other situations. In addition, doctors could refuse to treat patients who refused to sign their privacy consent form. To fix these problems, the proposal would promote access to care by removing the consent requirements for treatment, payment, and healthcare operations that could interfere with efficient delivery of healthcare, while strengthening requirements for providers to notify patients about their privacy rights and practices. Patients would be asked to acknowledge the privacy notice, but doctors and other providers could treat them if they did not. This change would ensure that patients can consider a provider's privacy policies before making healthcare decisions, but would eliminate barriers to patients' access to care.


* Maintain the "minimum necessary" rule, while allowing treatment-related conversations. By covering oral communications and limiting the use of personal health information to the "minimum necessary," the privacy rule raised concerns that routine conversations between doctors and patients, nurses, and others involved in a patient's care could violate the rule. This could stifle essential communication necessary to provide the highest quality care possible. The proposed changes continue to cover oral communications and maintain the "minimum necessary" requirement, but would make clear that doctors could discuss a patient's treatment with other doctors and professionals involved in their care without fear that their conversations could lead to a violation. As long as a covered entity met the minimum necessary standards and took reasonable safeguards to protect personal health information, incidental disclosures-such as another patient hearing a snippet of conversation-would not be subject to penalties. Improper disclosures would still violate the rule.


* Assure appropriate parental access to their children's records. The current rule may have unintentionally limited a parent's access to his or her child's medical records. The proposal clarifies that state law governs disclosures to parents. In cases where state law is silent or unclear, the revisions would preserve state law and professional practice by permitting a healthcare provider to use discretion to provide or deny a parent access to such records as long as that decision is consistent with state or other law.


* Prohibit use of records for marketing, while allowing appropriate communications. Based on consumer concerns that the marketing provisions were ineffective to protect patient privacy, the proposal would explicitly require pharmacies, health plans, and other covered entities to first obtain the individual's specific authorization before sending them any marketing materials. At the same time, the proposal would continue to permit doctors and other covered entities to communicate freely with patients about treatment options and other health-related information, including disease management programs.



The proposal also would make other revisions to simplify the rule's paperwork requirements while preserving the rule's strong privacy protections. For example:


* The proposal would eliminate the need for researchers to use multiple consent forms-one for informed consent to the research and one or more related to information privacy rights. Instead, researchers could use a single combined form to accomplish both purposes. The proposal would also simplify other provisions so that the privacy rule more closely follows the format of the "Common Rule," which governs federally funded research. The provisions ensure privacy-specific criteria will apply equally to publicly and privately funded research.


* The existing rule requires covered entities-health plans, healthcare providers, and clearinghouses-to have contracts with their business associates to ensure that they follow the privacy rule's requirements. The proposal includes model business associate contract provisions, making it easier and less costly for covered entities to implement the requirements. The changes also would give covered entities an additional year to change existing contracts, easing the burden of renegotiating contracts all at once.


* The changes would simplify authorizations by allowing the use of a single type of form to obtain a patient's permission for a specific use or disclosure that otherwise would not be permitted under the rule. Patients would still need to grant permission in advance for each type of use or disclosure, but the proposal would eliminate the need to use different types of forms to obtain that advance permission.



Congress in 1996 recognized the need for national patient privacy standards and set a 3-year deadline to enact such protections as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The law required HHS to adopt such protections via regulation if Congress did not address the issue.


HHS proposed federal privacy standards in 1999 and, after reviewing and considering more than 52,000 public comments on them, published final standards in December 2000. In March 2001, HHS received more than 11,000 comments after Secretary Thompson requested additional public input on the rule. Those comments and other public input were used to develop the proposed changes, which were published in the Federal Register March 27, 2002, with a 30-day comment period. HHS will consider public comments on the proposed changes before issuing a final rule.


Most covered entities have until April 14, 2003, to comply with the patient privacy rule; under the law, certain small health plans have until April 14, 2004, to comply. To help people prepare for and meet the rule's requirements, HHS' Office for Civil Rights will continue to conduct outreach and education for healthcare providers, consumers, and others affected by the privacy regulation.





SNOMED(R) International has announced the availability of SNOMED Clinical Terms (SNOMED(R) CT) 1.0, intended to be the most comprehensive international and multilingual clinical reference terminology available in the world, featuring uniformity of medical communications that spans languages, clinical specialties, and geographic borders.


The terminology is aimed at helping users reduce administrative costs related to the delivery of healthcare worldwide by supporting the electronic patient record. It can be used to standardize surgical records, to code patient problem and diagnoses lists, to support computerized physician order-entry, to facilitate consistent tracking of infectious diseases, to report the incidence of cancer cases, to facilitate bioterrorism surveillance, or to encode health-related literature, among many possible uses.


When implemented, SNOMED CT 1.0 can serve as the common index or "dictionary" against which data are encoded, stored, and referenced. This provides greater compatibility across software applications as computer codes used to capture medical concepts in one software system can be interpreted and linked to terms with the same meaning in another system. The terminology allows clinicians to precisely capture information about a patient's history, illnesses, treatments, and outcomes in a consistent and computer-readable manner. The structure of SNOMED CT facilitates reuse of coded information for a variety of purposes, including evidence-based medicine, outcomes studies, and clinical research, as well as administrative reporting.


SNOMED CT 1.0 contains approximately 325,000 concepts linked to clinical knowledge to enable accurate recording of data without ambiguity. The terminology's content also includes more than 800,000 descriptions or synonyms relating to clinical concepts, as well as more than 950,000 links, known as semantic relationships, between clinical concepts. This structure ensures the proper relationships of diseases, treatments, etiologies, clinical findings, therapies, procedures, and outcomes. The breadth and depth of the terminology, as well as its computer-readable hierarchies, enable reliable and consistent retrieval of robust clinical information and multiple levels of granularity based on flexible queries.


SNOMED CT 1.0 cross-maps to other medical terminologies, such as the International Statistical Classification of Diseases (ICD-9-CM, ICD-03, ICD-10), Laboratory Logical Observation Identifiers Names and Codes (LOINC), and OPCS-4, eliminating duplicate data capture and facilitating enhanced health reporting, billing, and statistical analysis. SNOMED CT 1.0 also is aligned with numerous healthcare standards, including Health Level 7 (HL7), Digital Imaging and Communications in Medicine (DICOM), American National Standards Institute (ANSI), and International Organization for Standardization (ISO).


All codes and concepts of the precursor works are referenced in SNOMED CT First Release, which will enable users of previous terminologies to migrate to the new work.


The College of American Pathologists is a not-for-profit medical society serving nearly 16,000 physician members and the laboratory community throughout the world. It is the world's largest association composed exclusively of pathologists and is widely considered the leader in laboratory quality assurance. The CAP is an advocate for high-quality and cost-effective patient care. The college is located on the World Wide Web at


SNOMED International is located on the World Wide Web at





IBM has announced a partnership with Trust Digital LLC, a subsidiary of Applied Technologies, Inc, on a new software application that protects sensitive data stored on the IBM Microdrive, making it an appropriate, secure storage medium for healthcare information collected and stored on PDAs and mobile computers.


IBM envisions healthcare uses for the Microdrive and Trust Digital's PDASecure application that might include visiting nurses picking up a Microdrive first thing in the morning and inserting it into a PDA to access the day's schedule complete with maps to patients' homes, medical records, pictures of injuries, and lists of allergies-information kept confidential even among different OS platforms. After a day of patient visits, newly collected information and visit records can be uploaded into a medical practice's computer.


The IBM Microdrive is a matchbook-sized removable storage device that allows users to store multiple applications at the same time, including maps, photographs, directions, documents, and digital music. The 1 GB Microdrive can hold up to 1,000 high-resolution photographs, 200,000 pages of text, or nearly 18 hours of high-quality digital audio music. The device is transferable to various platforms, including PDAs, GPS systems, and laptops.


PDASecure, ForeverSecure, and SecureCard make up Trust Digital's mobile product line, which automatically transitions data to the correct encryption format depending on the digital device in which the Microdrive is accessed. Because Trust Digital's encryption technology adapts the data stored on the drive to the appropriate format, the security software is turned on the moment users log on to their systems; the user-friendly system does all the work, making the security process virtually invisible.


Trust Digital's newest line of encryption software, PDASecure, is designed to safeguard mobile information stored on the IBM Microdrive. Using password protection, data encryption, and a variety of administration control features, Trust Digital's encryption software protects data stored on expansion memory cards such as the Microdrive from internal and external fraud, theft, sabotage, and hacking.


PDASecure works by allowing users to encrypt data on memory cards, either in full or only securing to specific files, by converting data into "ciphertext," the unreadable content that is viewed on the device's screen before it is unlocked by an authorized user. Users are also able to define who can access their encrypted information and to safeguard data across their entire collection of mobile devices including PDAs, handhelds, laptops, and digital cameras.


PDASecure's transparent operation is one of the application's key attributes, because portable device users do not want to be bogged down with security concerns when transferring information between digital devices.


The Microdrive's versatility enables storage and retrieval of data across a variety of digital devices, including laptops, PDAs, handhelds, digital cameras, and MP3 players. With capacities ranging from 340 MB to 1 GB on a single 1-inch diameter hard disk drive and weighing just over half an ounce (16 grams), the various Microdrives provide high-capacity and cost-effective storage in a CompactFlash Type II form factor.


The Microdrive supports multiple data types, including MP3, text, JPEG, and voice, and can be used in conjunction with Global Positioning System (GPS) devices, such as the Navman GPS i Series, to display maps, let drivers know their current location relative to destination, and give audible driving directions, allowing users to keep their hands on the wheel of the vehicle.


Trust Digital's line of security-enhancing applications recently received the "Best Enterprise Security Application Award" from Handheld Computing Magazine. The PDASecure application was also a finalist for the "Best of Comdex 2001" award in the security product category. The PDASecure product line is available now, with prices starting at $29.95.


The IBM Microdrive is being offered at price points beginning at $199 for the 340 MB and $379 for the 1 GB. Additional information on the Microdrive can be found by visiting or calling 888-426-5214.


Information on PDASecure is available at or by calling 703-246-9198, by faxing 703-246-9496.





Lucent Technologies has announced a new venture, called InPhase Technologies, that is developing high-performance holographic data storage media and systems. Using technology in recording media and systems developed at Bell Laboratories, the research and development arm of Lucent, InPhase Technologies, will design holographic systems that combine high storage density with high-speed access and fast parallel transfer rates. The venture's holographic products could vastly improve the performance of video, Internet, data warehousing, and games applications, which demand ever-increasing performance of storage systems.


Unlike other methods that record data only on the surface of a disk, holographic data storage allows recording through the entire thickness of the material, which allows for a huge increase in storage density. In addition, much higher transfer rates are achievable because the data are stored and recalled in "page format," which can be accessed one million bits at a time.


The development work at Bell Labs had been partially supported by The National Imagery and Mapping Agency, through a contract with the National Media Laboratory Strategic Alliance.


More information, including photos and videos of the technology, is available at InPhase's Web site,




Your contributions to Top Drawer (news, calendar items, products for review) are welcome. Send them to:


CIN: Computers, Informatics, Nursing


Editorial Office


10A Beach St, Suite 2


Portland, ME 04101


Fax: 207-553-7751