HIPAA privacy regulations hinder research efforts
Privacy regulations under the Health Insurance Portability and Accountability Act (HIPAA) were designed to protect patients’ medical records and personal health information. But these regulations have inadvertently affected the productivity and the ability of researchers to conduct studies.
Two recent studies underscore the problems. Results of the first study were presented during the AAOS 2005 Annual Meeting. Arabella I. Leet, MD, and Gail S. Chorney, MD, focused on research in pediatric orthopaedics. A second study, from the University of Michigan Cardiovascular Center, focused on outcomes research and was published in the Archives of Internal Medicine.
Impact on orthopaedic research
According to Drs. Leet and Chorney, HIPAA privacy regulations have reduced both the number of research studies being conducted and participation by patients. The regulations also have made conducting research more time consuming and costly. Their electronic survey, sent to members of the Pediatric Orthopaedic Society of North America, yielded a 19 percent response rate (115 respondents). Nearly two-thirds of respondents (64 percent) were full-time academic surgeons. Among their findings:
Nearly nine in 10 respondents (89 percent) reported that they spent more time on paperwork involved in obtaining institutional review board approval.
Nearly four in 10 respondents (38 percent) abandoned projects when the HIPAA privacy regulations were initiated. About 40 percent of respondents reported that the cohort size of their studies decreased.
The number of research projects or papers completed by respondents significantly dropped during the first year after HIPAA privacy implementation.
Effect on outcomes data
HIPAA requires that patients sign a written authorization before their medical records can be reviewed or follow-up phone surveys conducted. Researchers at the University of Michigan found that the patient consent rate to participate in follow-up research dropped from 96 percent before HIPAA (when a phone call was used to request consent) to 34 percent after HIPAA (when a mailed consent form was used).
The cost of being HIPAA-compliant was considerable. The team determined that computing time, staff hours, office supplies and postage would total more than $8,700 in the first year of a research project, and more than $4,500 per year after that, in addition to the usual costs.
Finally, researchers found that the data could be skewed based on patient participation. Patients who returned the written consents were more likely to be older, married and white than those who refused to consent or didn’t answer.