Compliance with HIPAA, which stands for the Health Insurance Portability and Accountability Act, was mandatory as of April 14, 2003, though voluntary compliance was encouraged before that. The U-M team carried out its study during that voluntary compliance period, using guidance from U-M clinical research officials about what they would have to do to comply with HIPAA.
"The balance between protecting patient privacy, while at the same time we strive to learn about the best methods by which to treat patients after certain types of conditions and/or treatments, is delicate," says Kim Eagle, M.D., clinical director of the U-M Cardiovascular Center and senior author on the study. "If long-term patient outcomes are to be used to 'inform' current care, we must develop better ways of working with patients and regulatory agencies to define the proper balance."
Kline-Rogers and her colleagues at the U-M Cardiovascular Outcomes Research and Reporting Program set out to obtain written consent from heart patients six months after they left the U-M hospital after being treated for acute coronary syndrome either a heart attack or unstable angina episode.
They obtained the list of patients retrospectively, by looking at the discharge diagnosis for each patient. This is allowed under HIPAA as part of preparation for a research study.
Between Sept. 1, 2001 and March 31, 2003, they sent letters and consent forms to the patients, and called those who responded to ask questions about their health.
Because the HIPAA compliance mandate was not yet fully in effect, they were also able to call those patients who didn't mail back their consent form, to try to obtain verbal consent. They could also check records to see if patients on the HIPAA-compliant lists had died.
They then compared the rates of authorization and several
'"/>
Contact: Kara Gavin
kegavin@umich.edu
734-764-2220
University of Michigan Health System
11-Mar-2004