Quest Diagnostics 2006 Annual Report Download - page 38

Download and view the complete annual report

Please find page 38 of the 2006 Quest Diagnostics annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 131

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131

Healthcare Information Technology
Clinical laboratories use information technology to obtain laboratory orders and to communicate results and
provide other laboratory reporting. Innovations in healthcare information technology, or HCIT, have the potential
to improve patient care, promote efficiency and reduce expense. Both at the federal and state levels, there are
public and private efforts to bring together healthcare providers, information technology vendors, and other
stakeholders to facilitate the creation of healthcare information interoperability standards and a national healthcare
network, including adopting standard clinical code sets and standards for healthcare information electronic
interoperability (standards for the exchange and use of electronic healthcare data).
We and MedPlus, our HCIT subsidiary, could be impacted by any national healthcare information network
and the adoption of standards and codes for HCIT interoperability, because of substantial existing investments in
software and hardware and the potential for having to make substantial future investments to comply with new or
different standards and clinical coding systems. On August 8, 2006, the Office of the Inspector General, or OIG,
published a final rule providing safe harbors to the federal anti-kickback statute and CMS published a final rule
providing exceptions to the Stark self-referral prohibition law permitting various entities to provide e-prescribing
items and services and electronic health records (EHR) items and services. Under the final rules, certain donors
(but not laboratories) may provide e-prescribing items and services to referral sources at no charge, and a broader
range of donors (including laboratories) may provide a broader range of HCIT items and services in return for a
payment of fifteen percent (15%) of the donor’s cost and compliance with other conditions.
We and ACLA, our trade association, continue to monitor standards development, proposed legislation and
the rulemaking process. Through representatives on various industry work groups and governmental advisory
bodies, we are providing relevant information to policy makers to ensure that issues important to medical
laboratories are reflected in any interoperability standards, HCIT legislation and proposed regulations.
Privacy and Security of Health Information; Standard Transactions
Pursuant to HIPAA, the Secretary of the Department of Health and Human Services (“HHS”) has issued
final regulations designed to improve the efficiency and effectiveness of the healthcare system by facilitating the
electronic exchange of information in certain financial and administrative transactions while protecting the privacy
and security of the information exchanged. Three principal regulations have been issued in final form: privacy
regulations, security regulations and standards for electronic transactions.
The HIPAA privacy regulations, which fully came into effect in April 2003, establish comprehensive federal
standards with respect to the uses and disclosures of protected health information by health plans, healthcare
providers and healthcare clearinghouses. The regulations establish a complex regulatory framework on a variety
of subjects, including:
the circumstances under which uses and disclosures of protected health information are permitted or
required without a specific authorization by the patient, including but not limited to treatment purposes,
activities to obtain payment for our services and our healthcare operations activities;
a patient’s rights to access, amend and receive an accounting of certain disclosures of protected health
information;
the content of notices of privacy practices for protected health information; and
administrative, technical and physical safeguards required of entities that use or receive protected health
information.
We have implemented practices to meet the requirements of the HIPAA privacy regulations. The HIPAA
privacy regulations establish a “floor” and do not supersede state laws that are more stringent. Therefore, we are
required to comply with both federal privacy standards and varying state privacy laws. In addition, for healthcare
data transfers relating to citizens of other countries, we need to comply with the laws of other countries. The
federal privacy regulations restrict our ability to use or disclose patient-identifiable laboratory data, without
patient authorization, for purposes other than payment, treatment or healthcare operations (as defined by HIPAA)
except for disclosures for various public policy purposes and other permitted purposes outlined in the final
privacy regulations. The privacy regulations provide for significant fines and other penalties for wrongful use or
disclosure of protected health information, including potential civil and criminal fines and penalties. Although the
HIPAA statute and regulations do not expressly provide for a private right of damages, we could incur damages
under state laws to private parties for the wrongful use or disclosure of confidential health information or other
private personal information.
17