For the past several years, particularly since compliance with the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) went into effect on April 14, 2003, health care professionals have become especially concerned with the privacy laws and their effect on the provision of health care. Causing further concern is how this rule complements or contradicts the rule for the Protection of Human Subjects, otherwise known as the Common Rule, when research is conducted with human subjects. This author chose this article, Research Privacy Under HIPAA and the Common Rule, to critique because of an interest in future research with human subjects.
For almost twenty-five years, privacy issues when conducting research with human subjects were regulated primarily by the federal regulation for Protection of Human Subjects, or the Common Rule (Rothstein, 2005). However, on April 14, 2003, compliance with the Privacy Rule of HIPAA went into effect (Rothstein). Since that date, the privacy involved in human research has been regulated by both of these acts (Rothstein).
The main purpose of the HIPAA was to ensure that when employees left a job they would not lose their health insurance coverage (Rothstein, 2005). However, during the legislative process, the Administrative Simplification title of the act was passed; this part of the act requires the nation to be more efficient in processing health claims through electronic transactions (Rothstein). Foreseeing that individuals would be concerned about the ability to share their health information instantly nationwide, this title also attempted to guard the health information privacy in these electronic transmissions (Rothstein). Rothstein noted that, as a result of this concern, HIPAA specified that Congress would write additional legislation within two years to address the privacy issues; however, failing to do so would relegate the task to the Department of Health and Human Services (DHHS). Rothstein pointed out that Congress subsequently failed to enact new legislation dealing with privacy, so DHHS disseminated the final privacy regulations. These regulations went into effect on April 14, 2001; however, compliance for almost all of the involved entities went into effect on April 14, 2003 (Rothstein).
HIPAA covered entities such as providers completing electronic transactions, health centers, and large health plans must use only the National Provider Identifier (NPI) to identify covered healthcare providers in standard transactions on 23 May 2007. small health plans must use only the NPI on May 23, 2008.
Rothstein (2005) noted that the passage of the HIPAA regulations has caused much confusion among the health care community; he blamed some of this confusion on the lack of resources and the lack of education that needed to be directed to those who would be involved in the implementation of the new rules. Rothstein explained some of the misconceptions regarding the Privacy Rule and to whom the rule applies. He stated, Based on its intent to regulate financial transactions in health care, the Privacy Rule applies only to three classes ...