National Committee on Vital and Health Statistics
Subcommittee on Privacy
March 30, 2005 – Chicago, Illinois
The American Physical Therapy Association (APTA) is a professional organization representing the interests of the physical therapy profession. Our membership is comprised of 67,000 physical therapists, physical therapy assistants and students of physical therapy. We would like to thank the National Committee on Vital and Health Statistics Subcommittee on Privacy for the opportunity to share our views on privacy and health information technology and the impact of the HIPAA privacy provisions on the physical therapy profession.
In the course of restoring, maintaining and promoting optimal function and health, especially as it is related to movement, physical therapists examine, evaluate, establish a diagnosis, formulate prognoses, develop treatment plans, provide interventions, educate their patients, coordinate care, and refer to other providers. Interventions performed by physical therapists include therapeutic exercise, functional training, manual therapy, and the use of physical agents and mechanical modalities to achieve improvement in a patient’s function.
Physical therapists work in many practice settings including acute care hospitals, inpatient rehabilitation hospitals, private practices, skilled nursing facilities, home health care, schools, and industry. Physical therapists also work with individuals across the life span from the neonate to the very old. The diversity of settings in which physical therapists practice necessitates an awareness of patient privacy and confidentiality. Physical therapists, like other covered entities, generate clinical records for each of their patients. This clinical record includes information from the initial evaluation, a treatment plan, goals of treatment, and progress notes for each visit. Physical therapists also submit claims for reimbursement directly to third-party payers. HIPAA compliance, therefore, has had an impact on the physical therapy profession, raising the same issues that all other covered entities have had to face.
In response to the mandates of HIPAA, physical therapists, particularly those in private practices, have created policy manuals, educated and trained their staff, and educated their patients about HIPAA privacy. APTA has been very proactive in assisting members with HIPAA compliance through seminars, training modules, and information on the website.
Physical therapy practice is unique in some ways, however. Given that physical therapists are treating patients for functional impairments and physical disabilities, whether temporary or permanent, the issue of disclosure of protected health information (PHI) to other parties has been significant, especially in the legal context. Patients who have sustained injury due to an automobile accident or work related incident, for example, will often receive physical therapy services. If a legal case ensues, the issue then arises as to whom and under what circumstances can a physical therapist disclose information. Additionally, physical therapy interventions can often include the use of supplies and durable medical equipment. Physical therapists often refer to other vendors to provide these items, requiring the therapist to have a clear understanding of Business Associate contracts and the sharing of PHI.
As physical therapists made changes to their administrative processes and physical layout in response to the HIPAA provisions, several additional questions arose. For all health care providers, the issue of oral PHI is one that required some thought, and for physical therapy practice it required additional consideration. Since therapeutic exercise is such an integral part of physical therapy treatment, facilities that provide these services will often have an open gym area. Due to the fact that a physical therapy facility could have several patients in the gym area at any given time, physical therapists had to learn how to apply the finer points of the “minimum necessary” provision. Although the HIPAA privacy provisions did not mandate architectural changes, many physical therapists did make adjustments to their facilities and procedures to insure maximum privacy for their patients. Such changes include limiting the amount of PHI that is transmitted orally while patients are in the gym area, holding discussions concerning prognosis and treatment in private treatment areas, and partitioning off more areas for private discussion.
HIPAA, in addition to state law, requires mandatory disclosure to appropriate public health authorities in situations where a health care provider suspects physical abuse. Due to the close contact a physical therapist has with their patients, physical therapists are sometimes the individual who may first discover evidence of suspected abuse. It has therefore has been important for physical therapists to understand their obligations with regard to disclosure of PHI in cases of suspected abuse.
Maintaining patient confidentiality and privacy has always been important to the physical therapy profession. Several APTA core documents reflect the physical therapists’ ethical obligation to ensure their patients’ confidentiality, safety and well-being. APTA’s Guide for Professional Conduct, which interprets the APTA Code of Ethics, stresses the importance of patient confidentiality and compliance with all laws and regulations governing the practice of physical therapy. In addition, physical therapists have always had to meet vigorous state licensing requirements and follow state laws with regard to patient confidentiality.
Recognizing the importance of electronic patient health care records in patient care, APTA has developed a “point-of-care “ electronic patient record software, “APTA CONNECT,” in conjunction with Cedaron Medical of Davis, CA. The electronic patient health care records offers the ability to gather critical and sensitive kinds of information about a person in one place and share it among health professionals in the best clinical interests of the patient. Like other professions, physical therapists work with clinical support personnel, such as physical therapist assistants in the delivery care, and administrative personnel in clinical operations. For those involved in the patient’s care and the use of CONNECT, it is important to ensure that appropriate measures are taken to prevent inappropriate access to information. When using CONNECT physical therapists must use passwords, train personnel, and take other security measures that ensure privacy.
Data derived from APTA CONNECT will enable facilities and researchers to obtain valuable information about patient outcomes from physical therapy that could be used to improve patient care in the future. When CONNECT is used as a research database, researchers must take measures to protect the patient’s privacy and comply with HIPAA and any other state and federal privacy laws.
The challenges of protecting patient information will continue to evolve in the age of electronic medical records and transactions, and many of those challenges will have a unique impact on the practice of physical therapy. The American Physical Therapy Association greatly appreciates the opportunity to provide this statement to the NCVHS Subcommittee on Privacy, and we hope the subcommittee and full committee will continue to look to us as a resource as they deal with emerging privacy issues. We would be happy to demonstrate the APTA CONNECT application to the committee and to discuss other efforts to assist our members in protecting the confidentiality of their patients’ health care information. Thank you for the opportunity to contribute to your efforts.
# # #