New HIPAA Guidelines Designed To Protect Patient Privacy

"Pretty much, it went from Y2K preparation to HIPAA preparation," said Britt Crewse, the chief compliance officer at Duke University Health Systems.

New HIPAA guidelines are designed to protect the privacy of patients.

Health care workers are now required to give patients a handout that lays out their information rights.

"To ask the hospital or health system exactly what we have done with their health information," explained Crewse.

He is in charge of making Duke University Health Systems HIPAA compliant. He said there are many myths about HIPAA.

"A lot of people have the misconception that if you want to have conversations about patient care you have to take them to essentially, a sealed room," he said. "That's not true. You can still have those conversations but you need to be careful."

Inpatient care will see some of the biggest changes.

Beginning April 14, patients can choose not to list their name on the patient directory.

"If they don't want to be in the directory then essentially we can't communicate to anybody that the patient is here," said Crewse.

Pharmacies are flooded with HIPAA paperwork.

"There are lots of forms now that people have to fill out," said Mike James, a pharmacist.

With HIPAA, pharmacists are not allowed to talk openly about a patient's specific drug. It can only be discussed in a counseling area.

"Interesting part about it is if you walk up to me and say 'Can you tell me about a drug? Which is the drug I'm taking?,' then we're fine to stand here and talk about it because you breached your confidentiality," said James.

Customers are still permitted to pick up prescriptions for other family members unless they have signed a form indicating otherwise.

"We're not here trying to keep a person from having their medication. We just want to make sure their privacy is covered," said James.

Under HIPAA, every patient form must be kept on hand for six years.

Pharmacies and doctor's offices are also installing shades for computers so people can not see patient names.

It's a felony offense to violate HIPAA regulations, which include penalities up to $250,000 plus prison time.