Saturday, September 17, 2011

Clinic says North Dakota Blues violate HIPAA law

Mid Dakota Clinic of Bismarck has opted out of a major initiative by Blue Cross Blue Shield of North Dakota that involves sharing patient records with an outside consultant and cites patient privacy concerns as the reason.

The program, MediQHome, is a “medical home” partnership between the health insurer and teams of medical providers aimed at better managing patients, especially those with chronic diseases, such as diabetes or asthma, to improve outcomes and reduce costs.

The initiative, which involves more than seven of every 10 primary care clinicians representing 75 percent of the North Dakota Blues’ members, requires providers to share patient information with an outside health quality consultant, MDdatacor, a firm located in suburban Atlanta.

Jeff Neuberger, the chief executive officer of Mid Dakota Clinic, said Friday that all patients should be contacted in advance to get their permission before their medical information is sent to a third party for review.

The clinic’s legal counsel, he said, concluded that failure to get individual patients’ express approval would violate a federal law protecting patient privacy, the Health Information Portability and Accountability Act, often called HIPAA.

“HIPAA doesn’t allow us to send information on everybody” without the patient’s permission, Neuberger said. “It’s very clear on that. We’ve said (to Blue Cross Blue Shield) you have no right to do that.”

The contract given to providers specifies they get “all appropriate” releases from patients, Neuberger said. But the contract language contradicts what Blue Cross Blue Shield executives have said about patient permission not being necessary, Neuberger said.

Representatives of Blue Cross Blue Shield of North Dakota said the information-sharing under the MediQHome program complies fully with HIPPA and protects patient privacy.

“We have remained 100 percent consistent with all providers that there is no requirement to receive permission from patients in order to participate in MediQHome,” Denise Kolpack, a Blue Cross Blue Shield vice president said in a statement to The Forum, highlighting “no requirement” in bold to emphasize the point.

She went on to say, however, that the contract includes language to allow a provider to participate in the health quality program “even if that provider has their own, stricter requirements around patient permissions and authorizations.”

Most of the major medical providers in North Dakota participate in the MediQHome program, which began in 2009, including Sanford Health and Essentia Health in Fargo.

The top lawyer for Sanford Health said the initiative both helps to improve patient care and complies fully with federal privacy laws.

“The partnership with BCBSND is one example of efforts we are undertaking as a health care system to improve quality and reduce the cost of health care overall for all consumers in our service area,” said Paul Richard, Sanford’s chief legal officer.

“All releases of patient information to MDdatacor by Sanford Health are in compliance with HIPPA,” he added, including a section of the law he said supported his position.

Kevin Pitzer, chief administrative officer of Essentia Health in Fargo, said the health system’s standard release of information form, for both hospital and clinic patients, includes authorization to release information of the kind it sends to MDdatacor.

“We do get permission from patients to release that information,” he said, adding that Essentia consulted both with in-house and outside legal counsel before embarking on the MediQHome program two years ago.

Participating medical providers send data on all their patients to MDdatacor “to identify clinical opportunities for improved health care delivery to all their patients with chronic diseases,” said Dr. David Hanekom, chief medical officer for Blue Cross Blue Shield of North Dakota.

Dr. Robert Roswick, medical director of Mid Dakota Clinic and a family practice physician, said it is improper – and illegal – to send medical information from all patients to the health quality consultant without prior patient approval.

He offered himself as an example of what he views as a breach of patient confidentiality.

A private pilot, Roswick must get annual physical checkups to keep his license current. He gets his exam at Trinity Health in Minot, which participates in MediQHome.

Aware of that, and the program’s protocol calling for providers to share information for all Blue Cross Blue Shield of North Dakota patients, he asked Trinity if his medical records were sent to the outside health quality consultant, MDdatacor.

The answer Roswick received from Trinity, after writing several letters, was yes. Roswick, who said he had not given his approval to do so, said the release was inappropriate and illegal – especially considering he is not covered by Blue Cross Blue Shield and does not have a chronic medical condition.

“It’s a blatant HIPAA violation,” Roswick said, adding that he has filed a complaint with the federal government and is still waiting for a response.

A spokesman for Trinity Health declined to comment on Roswick’s complaint.

“Patient privacy is important to us, and we strive to comply with all regulations involving patient privacy,” said Randy Schwan, a Trinity vice president.

Mid Dakota Clinic’s Neuberger and Roswick said medical providers in North Dakota have strong financial incentives to participate in MediQHome and therefore to send information of their patients covered by Blue Cross Blue Shield of North Dakota to MDdatacor, which could not be reached for comment Friday, for analysis.

In response, Hanekom said BCBSND is revamping their reimbursements to providers in a broad ongoing effort to reward better quality of care.

This article was originally posted at

No comments:

Post a Comment