Tuesday, July 03, 2007

The Problems with HIPAA

The 1996 Health Insurance Portability and Accountability Act (HIPAA) has led to family members and caretakers being unable to access needed information about a patient:

Government studies released in the last few months show the frustration is widespread, an unintended consequence of the 1996 law.
Hipaa was designed to allow Americans to take their health insurance coverage with them when they changed jobs, with provisions to keep medical information confidential. But new studies have found that some health care providers apply Hipaa regulations overzealously, leaving family members, caretakers, public health and law enforcement authorities stymied in their efforts to get information.

The law is unclear, and in most cases the safest thing to do is not share information:

Some reports blame the language of the law itself, which says health care providers may share information with others unless the patient objects, but does not require them to do so. Thus, disclosures are voluntary and health care providers are left with broad discretion.

Teaching staff to protect records is easier than teaching them to share them, said Robert N. Swidler, general counsel for Northeast Health, a nonprofit network in Troy, N.Y., that includes several hospitals.
“Over time, the staff has become a little more flexible and humane,” Mr. Swidler said. “But nurses aren’t lawyers. This is a hyper-technical law and it tells them they may disclose but doesn’t say they have to.”

Of the 27,778 privacy complaints filed since 2003, the only cases investigated, she said, were complaints filed by patients who were denied access to their own information, the one unambiguous violation of the law.

So as long as you give patients access to their own information, there is no penalty for being secretive with most others, leading to situations like this:

Birthday parties in nursing homes in New York and Arizona have been canceled for fear that revealing a resident’s date of birth could be a violation.

Patients were assigned code names in doctor’s waiting rooms — say, “Zebra” for a child in Newton, Mass., or “Elvis” for an adult in Kansas City, Mo. — so they could be summoned without identification.

Nurses in an emergency room at St. Elizabeth Health Center in Youngstown, Ohio, refused to telephone parents of ailing students themselves, insisting a friend do it, for fear of passing out confidential information, the hospital’s patient advocate said.

State health departments throughout the country have been slowed in their efforts to create immunization registries for children, according to Dr. James J. Gibson, the director of disease control in South Carolina, because information from doctors no longer flows freely.


Ben1381 said...

I agree the HIPAA law is out of control. I have two instances where I think it has been abused.
1. Where I tried to obtain coverage information for my 19 year old son regarding the benefits my insurance would pay for him. After filing a complaint with the Office of Civil Rights I found out that GHI the insurer has a "privacy office" to deal with these issues and I eventually got the information I wanted. But OCS rejected my complaint.
2. The company that provides diabetic supplies to my wife called and said there was a billing problem. Since I thought my insurance covered the supplies in full I was surprised by the call. When I called back I was told that the company allegedly had to leave that kind of a message because of HIPAA and that they were really only calling to see of she needs more supplies.

Anonymous said...

I feel like the law isn't enforced enough. I was a patient at our local health clinic and later found out from a girl that works in the building but not in that department, and also doesn't have anything to do with the medical aspect of it, that she looked in my file out of curiosity (she knew my childs father) and told me some of my test results. I feel that was completly wrong, and my file should have never been in her hands. I have yet to receive a phone call or any kind of notification that anything is being done with my complaint with HIPAA.

Anonymous said...

After my sister's death from breast cancer less than a year ago, I became my 78-year old ill parents' only child. My father has always been very controlling, abusive to my mother in every way, and constantly threw us out to stay with relatives and friends. After being hospitalized in early July 2010, many problems with his health turned up which has kept him there nearly three months, leaving my mother (with moderate alzheimers) without long term protection 24-hour assistance in their home except for myself as I work a 40-hour per week job. Their primary care physician and staff have provided little or no information or answers to any of my questions under HIPAA, assisting my father in throwing my mother into a nursing home where her needs are not being met; she loves walking around and doing little things, but her nurse there says they cannot stay with her to see that she does not fall. The Medicaid/EDA program would have probably kept her at home and paid for a therapist as well, but my father stopped the process because HIPAA empowered him in keeping his deteriorating condition secret through their primary care physician, and the fact that he needed 24/Hr care himself. First night after his release from the hospital, he fell down and medical alert phoned me but my father had changed the locks so my mother and I could not re-enter (only his sister and brother, both in their 70's and 80's, both ill). Many things ARE right about HIPAA, but even more are WRONG.

Jus said...

What's wrong with HIPAA is that, as in so many other situations, humans have allowed a law to supplant the implementation of common sense.