HIPAA and Medical Practices - Part I PDF Print E-mail
Patient Rights

Unlike any privacy legislation before it, HIPAA gives patients greater control over how medical practices use and disclose their personal health information. Medical practices that perform electronic transactions cannot avoid learning about HIPAA because it applies to personal health information that is maintained in any form - including paper, electronic or oral communications. For example, practices that submit claims electronically or use a billing company to do so on their behalf, must comply with HIPAA. Medical practices have until no later than April 2003 to be compliant with all of the provisions within the privacy standard, including the following rights that must be afforded to patients:

  • Notice of Privacy Practices - Written notice of how the practice uses and discloses personal health information and of the patient's rights and the practice's duties with respect to personal health information

  • Consent - Consent that medical practices must obtain for routine uses and disclosures such as treatment, payment and healthcare operations before information is released. Also, additional authorization must be granted for non-routine uses and disclosures of information.

  • Access - The right to request access to and get copies of a patient's medical record

  • Amendment or Correction - The right to request an amendment to or correction of a patient's personal health information or record

  • Notice of Disclosure - Request for an accounting of all disclosures of their personal health information made by the practice for up to six years prior to the date the accounting is requested

  • Access to Complaint process - An internal complaint process that medical practices must provide for patients who feel the medical practice is not complying with its own policies and procedures

    Affording patients greater rights of access to their medical records may entail a cultural change in the practice, since traditionally the medical record was wholly controlled by the medical practice and patients have never before had such control over its contents. Once patients know they have these rights, they may be inclined to exercise them. Employees will have to be trained to receive requests from patients to amend or correct their medical record and control the uses and disclosures of their information by the practice.

    Covered Information
    Information protected under HIPAA's Privacy and Confidentiality Standard and subject to certain use and disclosure requirements is defined as "individually identifiable health information." This is information collected from an individual and is:

  • Created or received by a healthcare provider, health plan, healthcare clearinghouse or employer

  • Related to the past, present or future physical or mental health or condition of an individual, provision of healthcare to an individual or the past, present or future payment for the provision of healthcare to an individual

  • Information that identifies or could be used to identify the individual

    HIPAA applies to any information that is created or received by the practice and is electronically transmitted or maintained at some point during its retention. This includes information printed as a hard copy from the electronic data. Due to the broad scope of this law, it is easier for a practice to consider that any patient information collected falls within this definition of "protected."

    Covered Entities
    HIPAA applies only to "covered" health entities that store and electronically transmit individually identifiable health information. "Covered" entities include healthcare providers, health plans and healthcare clearinghouses. However, HIPAA's scope is very broad in that it also regulates business associates of the "covered" entities subject to the rule. This means that medical practices may only associate with businesses that can provide the same privacy and security assurances the practice can provide.

    Consent and Authorization
    A significant distinction is made in the privacy rule between consent vs. authorization. Medical practices will need to have both a consent and authorization form addressing the use and disclosure of personal health information. A covered healthcare provider must obtain patient consent prior to using or disclosing protected health information for purposes of treatment, payment and healthcare operations. If a medical practice wishes to use or disclose personal health information for purposes other than treatment, payment or healthcare operations, the privacy regulations require an additional patient authorization form for certain uses and disclosures.

    Business Associates
    Under HIPAA, many of the provisions of the privacy rule apply to "business associates" with whom medical practices contract. A business associate is any person to whom the medical practice ("covered entity") discloses protected health information for the purpose of carrying out, assisting with the performance of, or performing on behalf of, a function or activity for the medical practice. This includes contractors or other persons who receive protected health information from the medical practice in a course of providing a service to that practice. Medical practices may only disclose confidential information to its business associates if those business associates have taken steps to ensure the confidentiality of the information.

    Medical practices can start assessing their business associates by gathering all of their contracts together in one place, determining which contracts deal with the use or disclosure of personal health information and assessing whether there is language in the contract addressing the responsibilities of both parties to maintain the confidentiality of the personal health information involved. If there is not, the contract must be amended.

    Policies and Procedures
    The privacy regulations rely heavily on the existence of policies and procedures designed to protect the privacy and confidentiality of personal health information. Medical practices will have to assess how their existing policies and procedures compare to the standards required by HIPAA and amend or create the policies and procedures necessary to comply with the privacy standards. Policies and procedures required by the rule include:

    • Notice to individuals of how and when a practice uses and discloses protected healthcare information

    • Patient rights granting access to healthcare information and the right to request amendments or corrections to the file

    • Patient rights to restrict uses and disclosures of protected health information

    • The right to request an accounting of disclosures by the practice

    • Standards for ensuring business associate compliance with the HIPAA privacy requirements

  • A daunting aspect of the privacy rule is that it requires practices to translate many of the above requirements into written policies and procedures reflecting compliance with the law. Although your practice already has some of these policies and procedures in place, you will need to assess and identify the areas that must be amended to comply with HIPAA.
    		•
    HIPAA and Medical Practices - Part II PDF Print E-mail
    Security Mechanisms
    The proposed HIPAA security rules were published in August 1998, but the final rules have yet to be published. The security rules are a set of requirements that medical care providers must include in their operations in order to comply. These requirements are divided into four categories:
    Administrative procedures: Documented, formal practices to manage the selection and implementation of security measures. Administrative security procedures include contingency plans for emergencies, plans for backup of data, security training for new and existing personnel, termination procedures for ending employment and audit procedures to review records of system activity. One of the most important administrative procedures is information access policies - documenting who gets access to personal healthcare information.

    Physical Safeguards: Protection of physical computer systems and paper medical records from unauthorized access, intrusion and damage. Physical safeguards include controlling access to storage media such as hard drives and tapes, policies on workstation use and location and providing safe storage of back-up media.

    Technical Security Services: Processes to protect, control and monitor information access. Technical services include implementation of access controls defined in administrative procedures (above), audit records of system activity to determine logins and accesses to individual health records, ensuring data integrity and entity authentication. Authentication provides corroboration that an entity (person, business associate) is who they claim to be and includes password, biometric and tokens.

    Technical Security Mechanisms: Processes to prevent unauthorized access to data transmitted over communications networks. Technical security mechanisms include integrity controls, message and entity authentication, access controls and encryption.

    One example of a poorly implemented procedure which medical practices should examine closely is the use of electronic communication for various practice functions, including prescription requests, billing questions, appointment requests and non-urgent medical advice. One of the main issues in medical practices surrounding electronic communication for these functions is maintaining confidentiality of the information being communicated. Nevertheless, many practices that currently use electronic messaging with patients use non-secure e-mail systems to communicate with patients. Medical practices that use non-secure electronic messaging services to communicate any information about patients should consider discontinuing this practice or using a service that provides secure messaging functions to the practice

    Electronic Signatures .
    The Electronic Signatures in Global and National Commerce Act that President Clinton signed into law became effective on October 1, 2000, but may be inadequate for healthcare records. The proposed HIPAA security rules contain stronger security standards for using electronic signatures than the standards in the electronic signature law. When the final security rule is published, it could let the electronic signature standard for health care records stand, it could eliminate the standard completely or it could make changes to the standard in the proposed rules. No matter what happens with the electronic signature standard in the final HIPAA security rules, it behooves physicians to have a basic understanding of what is entailed when they digitally sign a document.

    The terms "electronic signature" and "digital signature" refer to different entities. An electronic signature refers to any electronic file, such as a sound file, image or process associated with a record and used for the intent of signing the record. Electronic signatures can be a digital signature (see below) or something as simple as a scanned signature, which is saved electronically and is affixed to a document. The proposed HIPAA security rules state that if an electronic signature is used to sign a document, it must be a digital signature. A digital signature is an electronic signature with the added feature of being tightly bound to the document. Instead of just being affixed to a document, a digital signature is electronically intertwined so that a unique digital identifier (called a "hash" mark) is produced. This feature is important because it supports the following technical features:

    1. User authentication: Ensures that the digital signer's identity is authenticated
    2. Message integrity: Ensures that the message is not altered
    3. Nonrepudiation: Prevents the sender from denying that he or she signed the document

    Before signing documents with a digital signature, both the sender and recipient must obtain digital certificates issued by Internet security firms known as certification authorities. Physicians digitally signing healthcare documents will likely become the norm no matter what the outcome of the final HIPAA security rules.

    Electronic Data Interchange
    The final Transaction Standard under HIPAA creates standard data content and formats for submitting electronic claims and other healthcare information. All medical practices performing electronic transactions must comply with this final rule by October 2002. Many commentators agree that while significant costs can be incurred to convert to the standard code sets and transactions standards required by HIPAA, savings will result from the conversion. The single standard encourages the use of EDI within small medical practices since they can implement one system to handle the uniform claims for all payers, rather that needing a system to support the multiple formats that exist today. This rule requires health plans, healthcare clearinghouses and providers to use defined code sets, such as ICD-9-CM, HCFA Common Procedural Coding System (HCPCS) for procedures, Current Procedural Terminology (CPT) for physician services and National Drug Codes (NDC) for drugs and biologics. HHS chose the transaction standards defined by the American National Standards Institute (ANSI X12N) for the following types of transactions:


  • Health claims
  • Health payment and remittance advice
  • Coordination of benefits
  • Health claim status
  • Eligibility, enrollment and disenrollment in a plan
  • Health plan premium payments
  • Referral certification and authorization
  • First report of injury
  • Health claims attachments
    The extent to which the Transaction Standard applies to medical practices will vary, depending on whether the practices perform the above types of electronic transactions in-house - which may require investing in new hardware or software, personnel and training or whether they use a clearinghouse to avoid high implementation costs.

    		•
    Complying with HIPAA - Steps to Privacy and Security Compliance PDF Print E-mail

    Designating a Privacy Officer
    The privacy officer is responsible for implementing and overseeing the privacy policies and procedures for the practice. Small practices may assign the role to one or more persons, while larger group practices may designate a separate person to oversee the integrity of personal health information. The privacy officer has many roles, such as performing a risk assessment of the practice to determine where vulnerabilities lie with respect to personal health information; ensuring privacy and security measures and policies are implemented and adhered to by the practice; and serving as the designated contact person required by the final rule to receive complaints and provide further information about the practice's privacy policy and procedures.

    Initiating Documentation of Privacy Efforts
    A large part of complying with HIPAA requires that a medical practice has established policies and procedures to reduce the risks of inadvertent disclosures and to protect the privacy and security of personal health information. Although some medical practices may already have these policies in place, they may have to amend existing policies and procedures or create new policies and procedures. This may be as simple as documenting routine practices to show a compliance plan is in place and that employees are aware of the expectations with respect to protecting the privacy and security of personal health information. Examples of the required policies are discussed in HIPAA and Medical Practices.

    Steps to Privacy and Security Compliance

    1. Identifying risks
    Performing a risk assessment should be the first order of business for a newly appointed privacy officer. A risk assessment is used to assess where privacy and security threats may exist with respect to personal health information. Medical practices deal with a variety of vendors, healthcare entities and other providers. A first step to assessing the vulnerable areas of a medical practice can be to make a list of every business function or activity that involves the use or disclosure of personal health information and to evaluate whether there are procedures in place to reduce the risk of internal or external threats to the privacy and security of the personal health information.

    A Risk Assessment Survey designed by experts is available in the Manage Your Practice tab of the Member Center under Regulatory and Legal.

    2. Elements of a plan
    Once a practice identifies the areas where potential threats to personal health information exist, it must create a plan around those identified areas to reduce such risks. Creating a plan establishes the direction and goals a practice must take to prevent the misuse or unauthorized disclosure of personal health information. Establishing a plan can be as simple as prohibiting employees from keeping their Username and password on a note attached to their computer or implementing a policy identifying the process for responding to requests for disclosures of information about your patients.

    3. Implementation of a plan
    HIPAA compliance does not mean having a binder full of paper with policies and procedures that the practice does not follow. Policies should be developed or amended as the practice integrates compliance into its everyday business activities. Compliance should be incremental so that employees are not overwhelmed and can gradually build a culture within the practice where maintaining the privacy of personal health information is a priority of the practice.

    4. IT security plan
    This standard applies to a large hospital or a small medical practice setting. At a minimum, practices are required to conduct a risk assessment and develop a security plan to protect confidential patient information from inadvertent misuse or disclosure. The proposed security standard is divided into four categories which were discussed in HIPAA and Medical Practices. Implementation of a security plan will vary widely depending on the level of digital technology used in a practice. For example, a practice that submits all claims on paper and keeps paper medical records will have a different security plan than a practice where all claims are submitted via the Internet and all medical records are computerized.

    An example of a single component of an IT security plan for each of the four categories is provided below:

    Administrative procedures: All new employees will receive privacy and security training at the time of hire. All existing employees will receive privacy and security training within six months of the HIPAA compliance date.

    Physical safeguards: All workstations where patient information is displayed will be situated so only authorized practice personnel will be able to view the screen.

    Technical security services: A system is implemented which can authenticate individuals and provide them with the level of access determined in the administrative procedures

    Technical security mechanisms: All products and services using the Internet as a means of transmitting patient information and all browsers used in the practice will support 128 bit encryption

    5. Educating colleagues and employees
    All personnel having contact with personal health information must be trained on the practice's privacy and security policies and procedures. Training should be relevant to the person's function in your practice. All employees should be aware of the types of data that are considered protected, when health information may be released, under what circumstances personal health information may not be released and situations when the security of identifiable health information may be jeopardized. Training for new employees should occur within a reasonable period of time after an employee joins the practice. If a member of the practice takes on new responsibilities with greater rights of access to personal health information, he or she must also be trained within a reasonable period of time following the change in position. Training should be integrated into the practice's compliance plan, including documentation that the training occurred in accordance with the practice's policies and procedures.

    HIPAA covers many types of communications that employees may not even think are a violation of a patient's privacy under the rule. For example, staff discussions regarding patients in the office or in public space, or even discussions loud enough to be heard, are privacy issues.

    6. Monitor and enforce
    An important part of a privacy officer's role is to ensure the practice is actively adhering to the privacy and security policies and procedures established by the practice. As with any type of compliance plan, identifying risks and implementing a plan to reduce those risks are just the beginning. Monitoring whether the practice adheres to its own policies and procedures can help identify whether the policies are working or new areas of risk within the practice. Also, if an employee or business associate fails to adhere to the policies and procedures established by the practice, some form of discipline must occur and be documented by the practice. Since HIPAA requires medical practices to provide a complaint process to individuals who feel the practice is not adhering to its policies and procedures, the government is no longer the only party to whom medical practices will have to answer about whether they are HIPAA compliant.

    Benefits of HIPAA PDF Print E-mail

    Marketing the Privacy and Security Plan to Patients, Colleagues and Business Associates
    Medical practices should not only develop policy and implement procedures in the area of privacy and security, but also take advantage of their work in this area by marketing their privacy and security plans. The identity of the Chief Privacy Officer (CPO) should be made known to patients on consent and authorization forms, materials sent to new patients and on the practice Website. A medical practice should place a copy of its privacy policy on the practice Website in a prominent location. Patients, colleagues and business associates should be made aware that the medical practice trains its personnel about privacy of personal health information. Practice administrative and medical personnel should be proactive and ask patients if they have any questions about how personal health information is protected. All questions about privacy that cannot be answered easily by other personnel should be directed to the CPO.

    Privacy is an Enabler, Not an Obstacle
    Medical practices can reap benefits by addressing privacy and security concerns. Strong privacy policy and procedures provide patients with trust, and with trust comes willingness to share information. Sharing information is the basis of the patient-physician relationship. Keeping personal health information confidential is a responsibility a physician accepts as part of the physician-patient relationship. Patients have an expectation that the secrets they tell physicians will be kept away from people who are not authorized to know the information. A heightened awareness of current privacy issues provides an opportunity to reinforce the commitment to respecting privacy that medical providers have toward their patients. Practice employees who interact with patients can be better prepared to answer patient questions about privacy and security measures implemented by the practice.

    As public awareness of the privacy and security concerns relating to personal health information grows and medical practices continue to integrate technology into everyday practice operations, the future of medical practices will not only be to establish a reputation for quality care, but also provide assurances it can give of its commitment to the privacy and security of patient information.

    Electronic Data Interchange Efficiencies
    Another important aspect of HIPAA is the Final Transaction Standard issued on August 17, 2000. This law created standard data content and formats for submitting electronic claims and other healthcare transactions. For practices not yet using EDI, HHS expects that standardizing the process of healthcare claims and reducing the volume of paperwork will save the healthcare industry billions of dollars. HHS' projected benefits of EDI for providers will be $16.7 billion from 2002-2011. Small medical practices will have an incentive to move toward electronic claims because one format will be required for all payors whereas currently over 400 formats exist. Benefits include reduction in manual entry, postage savings and elimination of postage delays, elimination of costs associated with the use of paper forms, staff to receive and store paper and easy access to data. Paper claims cost approximately $5.40 per claim in time, materials, associate salaries, benefits and supplies, whereas electronically they cost approximately $.85.

    Medical practices face different issues when deciding whether to transition to EDI, such as performing electronic billing functions in house using a third-party billing agency.

    Raising Consciousness of Practice Personnel
    One of first steps in developing and implementing privacy and security policies and procedures in a medical practice is to appoint a person in charge of privacy, a Chief Privacy Officer (CPO). Moreover, the HIPAA privacy rules require the designation of a CPO. The appointment of a CPO and the announcement to the practice personnel that there is a CPO will start raising consciousness about privacy and security. Although there are many roles performed by the CPO, two responsibilities that will go a long way in bringing along practice personnel are the provision of leadership to the practice on privacy and security matters and the development of employee privacy policy, which includes privacy education for new and existing employees. Posting articles from newspapers, magazines and the Internet about privacy in a common employee area is another easy method of bringing these issues to employees. Personalizing privacy and security issues makes people appreciate the importance of privacy. For example, pose the question: "How would you want your very secret medical information handled by a medical practice?" When practice personnel start treating all patient personal health information as their own then the CPO can feel confident that their efforts are succeeding.

    Avoiding Possible Penalties
    Medical practices must be aware of the significant monetary fines that can be imposed under HIPAA for the failure to protect and maintain the privacy and security of personal health information. In addition, government funding for the investigation of healthcare related crimes has increased significantly over the past 10 years, making even small providers subject to a possible investigation or audit for failing to comply with HIPAA. Fines that may be imposed under HIPAA include:

  • Civil monetary penalties of not more than $100 per violation for general disclosures, with a maximum penalty of up to $25,000 per person per violation of a single standard within a calendar year

  • Fines of up to $50,000 and/or imprisonment of not more than a year for intentional disclosures of protected health information

  • $100,000 and/or imprisonment of not more than five years for obtaining or disclosing protected health information under false pretenses

  • $250,000 and/or imprisonment of not more than 10 years for obtaining protected health information with the intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm

  • The Office of the Inspector General (OIG) may also impose civil monetary penalties (CMP) for fraud and abuse established in conjunction with HIPAA, including fines of $10,000 for improperly billed medical services.

    HIPAA also requires that medical practices have and apply appropriate sanctions for any employee or business associate who violates the privacy and security policies and procedures of the medical practice, and documentation must be kept of the sanctions.

    • Boutique Doctors Cater to Patients PDF Print E-mail

    Christine Wiebe Fed up with the pressures of managed care, a small cadre of physicians is forming "concierge"-style practices that offer top-notch accessibility and service - at a price.

    Imagine getting in to see a doctor the same day a medical problem arises, or being able to call the doctor's cell phone at any hour for a consultation or prescription. Imagine a primary care physician accompanying a patient to a specialist's office in order to coordinate their care, or actively managing a patient's weight-loss program.

    About a dozen or so doctors in a few pockets of the country are working to make that version of medical utopia a reality. Fed up with the harried and depersonalized approach demanded by managed care payers, a small number of doctors have formed new "concierge"-style practices that offer that a high level of accessibility and service.

    The services offered through these practices don't come cheap, of course. Physicians are able to offer them by reducing patient loads and charging extra service fees. Although the medical concierge trend is still fairly new, these doctors have been successful enough that they are spreading their vision across the country, enlisting other doctors to follow their lead.

    Meanwhile, critics have lobbed harsh accusations of greed and elitism at this physician cadre. They argue that America should be closing the widening gap between the insured and the 40 million uninsured, rather than adding yet another tier of medical care.

    "It's adding an obscene third level to the way we deliver health care in this country," declared Martin Solomon, MD, a prominent Boston internist and instructor at Brigham and Women's Hospital. He was solicited by the largest group, called MDVIP and based in Boca Raton, Fla., but he remains unpersuaded.

    "I did not go into medicine to just take care of rich people," he said.

    Doctors involved with these special-services practices take issue with that characterization, however. In fact, the prices and range of services vary considerably, from the most exclusive, called MD2 (pronounced MD-squared), which costs $20,000 a year per couple, to the more affordable services of MDVIP - "the cost of a latte a day," as backers like to say.


    Serving Different Clienteles
    There's a reason why the price of latte is bandied about: The medical boutique trend started in Seattle, where a daily expenditure for coffee is considered the norm. Founders of MD2 believe they were the first to design and promote a boutique practice in 1996 that provides first-class service to an elite clientele. In 2000, they opened the first "franchise" across town, and are planning to expand across the country.
    "Most of these patients are incredibly mobile people, with multiple homes," said Duane Dobrowits, chief executive officer. The company is in discussion with 30 practices across the country, seeking to build a network that could provide services wherever its clients travel.

    An annual retainer paid by patients covers the costs of all primary care, but they are expected to carry insurance for hospitalizations, he explained. Physicians care for a maximum of 50 "family units," and they do not deal with any managed care restrictions or insurance claims. "We simply don't go there," he said.

    Dobrowits is unfazed by charges of elitism just because the company provides special services to its clients.

    "There is a niche of people who want this access," he said. "These are the same people who send their children to private schools. We're simply filling that demand."

    Although the MD2 clientele is undoubtedly wealthy, other service-oriented practices are catering to the middle class for much lower fees. Services range from priority phone lines to broader preventive care, and clients still carry medical insurance and are responsible for co-pays and deductibles, in addition to the annual service fees.

    "Patients interested in our practices are definitely different than the ones paying $20,000," said Ed Goldman, MD, president of MDVIP, a group of eight Florida doctors that charges $1,500 a year for non-insured services.

    "By charging for these services, we're able to generate enough income to reduce the patient size of the practice," he explained. Patients wait less than two minutes on average for their appointments, which usually are scheduled the same day they call.

    Doctors have enough time with patients that they can focus on preventive care, which is only given lip service in most traditional practices, Dr. Goldman said.

    "I see this as being a niche for patients who are interested in preventive care and for physicians who are interested in providing that," he said. The group is planning to expand and eventually could include 100 or so doctors nationwide. Doctors who have expressed interest in joining tend to be older, locally prominent and pro-active in preventive care, "and they are not happy with what they're doing now," Dr. Goldman said.

    Physicians wishing to join must close their existing practices and start over, with no financial guarantees and with severed ties to the majority of their patient population. Some patients have complained about being "abandoned" in the process, and have even complained to Medicare officials, prompting probes by state officials and legislative debates.

    Discontent Spurs Patient Interest
    Increased scrutiny by regulatory agencies has been an unwelcome surprise, Dr. Goldman said. But the high level of patient interest in the program has exceeded his expectations. "I had totally miscalculated the level of discontent with the current health care system," he said.
    In Boston, two internists sparked public attention recently when they announced they were forming a service-oriented practice, scheduled to open in April, with two more doctors joining the group shortly. They will charge patients $4,000 a year for special services not covered by medical insurance.

    "What we're selling is the fact that we're far more available and we can provide a higher level of service coordination than is available in other practices," said Steven Flier, MD, one of the founders. He compares the additional fee-for-services with other non-medical costs patients often incur, such as parking fees at hospitals, or paying out of pocket for elective procedures such as lasik eye surgery or cosmetic surgery.

    The level of media attention spurred by his announcement has surprised Dr. Flier, who views his new practice simply as one doctor's solution to shortcomings in the existing health care system.

    "We aren't doing this to be trend-setters," he said. "We're doing this because we see a need for changing what we do relative to our patients."

    He has also been surprised by patients' reactions; some who he expected to oppose it have actually enrolled, while others have switched to another doctor.

    One patient accused him of catering to the wealthy. Dr. Flier pointed out that the patient's two-pack-a-day smoking habit cost him about the same amount annually as the medical service fee.

    "No one goes around saying that smoking is a habit only for the wealthy," Dr. Flier said. "People do make choices in that range of dollars."

    Overall, subscriptions for the first year have exceeded the doctors' expectations, he said, and they now will turn their attention to satisfying patients so that they will re-enroll next year. In the meantime, he welcomes the public debate about problems with the current health care system.


    A Catalyst for Change?
    Even critics of the new VIP practices hope the trend will force greater public discussion about health care in this country, particularly the question of whether quality health care is a privilege for some or a right for all. The trend could even put pressure on the existing system to provide better service to all patients.
    In Seattle, competition introduced by the concierge-practices drove one medical center to create its own special-services unit. The Virginia Mason Medical Center initiated its program, called the Dare Center, after losing some of its patients to the MD2 practice, said John Kirkpatrick, MD, who fostered Virginia Mason's program and now cares for patients who pay the annual $3,000 fee.

    As an employee of the medical center, Dr. Kirkpatrick does not benefit directly from the revenue generated by the program, but the medical center has used the extra dollars to support its free care of the poor.

    "I'm very confident that this has helped the overall organization," he said.

    Patients in the program vary from those who are very demanding and expect lots of attention, to those who simply do not want to spend their time sitting in waiting rooms, he said. Patients can call his cell phone day or night, seven days a week.

    "It would be nice to be able to give everybody this kind of service," Dr. Kirkpatrick said. But the government and private insurers simply cannot afford everything that Americans demand in health care, he said.

    "This is not the answer for everything," Dr. Kirkpatrick said, "but it may be a partial answer to get more people who can afford it to put more dollars into the medical system."

    The notion of some people getting better care than others, however, deeply disturbs critics.

    "It's contrary to what American medicine has stood for," said Boston physician Dr. Solomon. He believes that catering to patients' unrealistic demands will drive an even bigger gap between levels of health care.

    "Not everybody needs to be seen the day they call," he said. "It's a total luxury."

    Advocates of the new service-oriented practices insist, however, that both doctors and patients can benefit from the arrangements, and that they are simply one alternative to the traditional health care system.

    Boston internist Dr. Flier asks: "If providers and patients are dissatisfied and want something better that works, why would anyone oppose that?"
    More...
    << Start < Previous 11 12 13 14 15 16 17 18 19 20 Next > End >>

    Results 163 - 171 of 286
    Robyne Wilkerson
    Our other Physiatry Related Sites by PM&R Resources R. Wilkerson