Hipaa’s Use as Code of Silence Often Misinterprets the Law

Jul 21, 2015 · 455 comments
Vivian Terkel M.D. (San Diego)
On the flip side, my insurance company has no problem mailing explanation of benefits not only for myself but also our adult son, revealing details of our medical care, directly to my husband since he is the "primary" on the policy...
Ignatius Pug (NYC)
Whatever attorneys may say about health laws in theory, healthcare providers know that we are vulnerable to being put on trial like criminals before a jury of our peers to determine whether our actions met a perceived standard or not. Few people anywhere carry such risk throughout their everyday work lives. This dehumanizing treatment of doctors etc. translates into dehumanized behavior towards others. Tort reform anyone?
Frank Ruelas (Casa Grande, AZ)
As a compliance professional who educates and trains healthcare workers on the HIPAA regulations, it is not uncommon to hear the "Because of HIPAA" preamble to statements that indicate why the healthcare facility worker or facility will not share (disclose) information. Unfortunately, this is not only a common response...it may also be one of the poorest.

Because of this, patients and their representatives need to become "sophisticated residents" within HIPAAdom. They need to understand some of the basics of what may be disclosed versus what must be disclosed upon request.

At a minimum I suggest that when one hears the "Because of HIPAA" phrase, ask specifically what it is in HIPAA that the person is referring to. The HIPAA regulations consist of thousands of words and many discrete sections...so if you can't be told specifically why you can't get the information you are requesting, chances are the person answering you doesn't know why this is the case.

Simply elevate your request to someone that can provide an answer. The good news is that all health care providers who must follow the HIPAA rules must also designate an individual responsible for compliance...simply ask to speak to that person. That is often a very good first step.

Yes...we do hear about those organizations that maybe are not very well versed with HIPAA, but there are many more that apply HIPAA very well.

Good luck!
Benjamin Lerman (Berkeley, CA)
As an emergency physician I too have witnessed many absurd interpretations of HIPAA, and agree with the overall thrust of the article that the law is widely misunderstood. Unfortunately the author herself provided a glaring example of such misunderstanding with her statement that "the law does not prohibit health care providers from sharing information with family, friends or caregivers unless the patient specifically objects." Were this true, I could walk out of the room of the man whose sexually transmitted disease I just diagnosed and call his family to let them know about his condition unless he had anticipated this and "specifically object[ed]" in advance. The default condition is that I must not disclose until I have obtained permission, which is not equivalent to the absence of a stated objection.
Paula Span (NJ)
Dr. Lerman, my legal experts say that you have to give a (competent) patient a reasonable opportunity to object. He does not actually have to say, "Go ahead, that's OK by me" or sign a document to that effect. Although in practice most hospitals and other facilities will ask for written permission, the privacy rules don't require that.
Benjamin Lerman (Berkeley, CA)
I agree with your legal experts--but your piece omitted the vital component of giving the patient a reasonable opportunity to object, leaving the reader with a very mistaken impression of what is permissible. Tacit agreement from a patient may be inferred when s/he has allowed family to the bedside during a discussion (although even in that situation it is advisable to get an explicit approval before divulging something especially sensitive). But for almost any other sort of disclosure (i.e. to anyone not already in the room with the patient at the time) permission must be sought. Failure to "specifically object" when no reasonable opportunity to do so has been provided is NOT equivalent to consent, and your readers deserve a clarification of this.
John Siberski (D.C.)
HIPAA is one of the most poorly conceived ideas in recent decades. It is potentially disastrous for pediatric and geriatric patients. A demented patient oftentimes has no clue what is going on, particularly if a delirium is layered over the dementia. Someone has to be notified and asked for corollary information that may be lifesaving.

It has gone much too far. I had to sign a HIPAA agreement at the optometrist's. I'll come out. I WEAR BIFOCALS!!!!! HIPAA not needed.
KM (NH)
So you're a patient in a double room in the hospital. Or you're sitting in a little cubicle checking in or checking out from a doctor's visit. Everyone can hear the conversation about your health, sometimes in embarrassing detail. Why doesn't HIPAA apply to that?
Nonprofitprovider (Washington)
Very good question...
James (Los Angeles)
One of the biggest problems with HIPAA is providers denying patients access to their own medical records. While HIPAA specifically allows for this, many providers make you jump through many hoops to get these records, making it near impossible (or at least very time-consuming!) to actually get them.

I tried to get a copy of my medical records from Kaiser Permanente, and it literally took months and the intervention of the ombudsperson to get them. While Kaiser had a process for releasing medical records, no one in member services seemed to know what that process was (everyone gave me different answers, and those answers all turned out to be wrong), and the medical records department never answered the phone or returned calls. It was a nightmare. In the end, I had to call the ombudsperson to intervene, and that finally did the trick.

It ended up delaying care at my new provider by several months! (They wouldn't treat me without my former records.) So here HIPAA is supposed to protect patients, but it actually makes it much more difficult to move around to different providers and get care.
ERIK BURRO (Burlington, NJ)
Too often the citing of HIPAA has been used as a means of "I really don't want to be bothered." Case in point: I recently was researching a news story from the year 1912, in which a 15 year old boy was seriously injured by the Burlington Bristol Ferry that used to cross the Delaware River, when he saved several companions who had been in the path of the oncoming vessel. Burlington, NJ and Philadelphia, PA papers mentioned life threatening injuries. He died of pneumonia the following year. I wanted to know if he had returned to school within the town of Burlington. How much school had he missed or did he have to have other arrangements because going to classes was too difficult for him. The Superintendent refused to provide any information, whatsoever, citing privacy concerns. I stated that recent privacy laws were intended to protect present and most-recent generations. I was shocked that a PhD could be so completely ill informed, as well as insensitive to historical fact-finding. It would appear that even well educated people are not immune to stupidity...or perhaps, laziness.
Ana (Indiana)
Is anyone really surprised that this has happened? The government, in its infinite wisdom, decided that the office of civil rights should be in charge of administering the HIPAA law. After a few lawsuits from irritated patients that were approved by gung-ho government workers, can anyone blame doctors and other healthcare providers for preferring to keep their mouths shut rather than risk the wrath of the bureaucrats?
emm305 (SC)
I was a child protective services supervisor when HIPAA went into effect.
Suffice to say that HIPAA made advanced degree holding medical professional, mandated reporter, professionals stupid, abjectly stupid.
I hope it's some better.
eve (san francisco)
I have two family members who are in and out of nursing homes or hospitals. I work at a large medical facility and have had HIPAA training numerous times. I am amazed at the number of misinterpretations of HIPAA I hear all the time from other places. I once called the nursing home and after hesitation on the other end was told my family member was not there. They refused to tell me where he was. It turns out he had gone home. I thought he had died. I am constantly dealing with them thinking every single thing is secret.
naught.moses (the beautiful coast)
EXTREMELY pleased to see The Times take a run at this mess. Because the threat of litigation around this and malprac is truly crippling the healthcare system. I could have continued to work in acute psych for several more years. But I was collecting a paycheck to accomplish next to nothing most of the time... in no small part because of this junk.
James (Cackalacky)
How about this for bizarre use of HIPAA: my wife was diagnosed with cancer and asked her supervisor to inform other people at work how she would be on medical leave and why. The supervisor's administrative assistant claimed that would violate HIPAA. When my wife persisted, the administrative assistant had someone from human resources call and inform my wife how this was not an appropriate message for the supervisor to send in addition to being a violation of HIPAA.
eve (san francisco)
Actually this is correct. If your wife wanted people to know she should have emailed them herself. If someone in the company had done it it would have violated HIPAA. What you would like to do yourself is not the same thing your company can do. I can put a flyer on the street sign by my house telling people I have cancer if I want but my employer or supervisor can't send an email telling people I do.
James (Cackalacky)
Really, why is an employer a covered entity? We searched the internet and could find no evidence of this. Do you have a link?
Marina (Southern California)
I do not understand why this could be "correct." HIPAA protects privacy that patients want protected. Once a patient gives permission for the release of information, how can HIPAA be properly invoked?
Larry (Fresno, California)
HIPAA was passed to give people the illusion that electronic medical records would be private. Its extreme penalties, however, cause the medical community to play it safe by giving out as little information as possible in situations where common sense and ethical guidelines used to prevail.
RBBnyc (NYC)
Finally feel heard on this topic.

HIPAA is used and abused for many of the wrong reasons. Here in NYC, when a careless ophthalmologist failed to call me with biopsy results, I called the staff at his various locations. The only person who actually tried to help--she said "I can't give you your results, but I can tell you that when there is a problem, you would have certainly received a call within [x timeframe]"--was subsequently fired for doing this. They used HIPAA, in my opinion, as a weapon there. Similarly, as an eldercare caretaker, I've dealt with lazy staff who don't want to take the time to listen to your situation before slamming you with the HIPAA argument. This gives regulation a bad name.
Emily Pierce (New York)
I wanted to respond to the Patient experience and say thank you for sharing. Your ability to share such a personal story which seemed to be extremely traumatic will hopefully shed light on the issues not only that need to be worked out in clarifying HIPAA laws but reflect on issues that need to be worked on in healthcare.

In 2013, I went through a horrifying experience myself which changed my life forever because I asked for help with my depression. It wasn't enough to be traumatised and abused in the psychiatric hospital where I was supposed to get help, but when I was released my HIPAA rights were violated by the hospital. They went to my school having no consent and disclosed information that was falsely documented by the psychiatrist and I was forced to withdraw.

Not only was I forced to withdraw but one of the nine conditions that were demanded upon me to return was to hand over my entire psychiatric record. Two and a half years later in federal court I am still putting my life back together as much as possible while trying to advocate for change.

This article is such an important topic because it touches upon so many important issues.
Mark (Saint louis)
I'm a HIPAA officer in a medical practice and have to field questions from my staff daily. No, we may not give just any family member information about a patient; family members fight, refuse to talk to each other, and don't always want to share information with parents, children, or siblings. Try explaining to a parent how you told their son (who is a substance abuser with a restraining order) about their medical condition. Yes, the penalties are stiff for violations, and could drive a practice out of business. Nobody has complained to us, nobody, about requiring written permission to discuss PHI.
DW (Philly)
That sounds good. We get why patients' information is generally kept private, or should be. But I think people would have been a lot more reassured if you had also clarified that it is also just fine to give out "PHI" to someone whom the patient has ACTUALLY SAID you can give the information! When the patient is sitting right there, for goodness sake, and says, "Oh, yes, please talk to my son" why in the bleep isn't that good enough? Why must the son then be tormented? When the person in question has power of attorney - a signed form on file at the facility - why are you not then making sure that the entire staff is clear that information CAN be shared with THAT person?

Is it possible that if this information were simplified and clarified for everyone - for instance, in a simple, 15-minute, all-staff workshop, laying out what the procedures are .... your job might not even need to exist? Could you at least please send around a memo making sure that everyone gets that if someone calls and asks if the patient is awake, "awake" is not special privileged supersecret info? Protected information is medical diagnoses, treatments, prognoses, etc. Protected information is NOT things like "he's feeling better this morning." Please make the staff understand that HIPAA was never meant to override all common sense and common decency.
Emily Pierce (New York)
In 2013, there were revilements made to HIPAA some of which included that if a person is living with a relative, loved one, "care giver" and/or their bills are being paid by a specific person and a doctor feels that there is specific information that is necessary for these interested parties to know, they are allowed to tell them if it is within their professional judgement.

Now I think we need to define Professional Judgement. I say this because not all doctors are ethical and will abuse HIPAA Privacy laws more so in the field of psychiatry, this to the best of my knowledge, than in any other field.

I had a personal experience and I have to thank the NY Times for publishing the story because I think although all the details are not yet released that when they are the public will understand why if HIPAA Privacy laws are changed, how easy it would be for anyone to have their privacy violated by doctors.

http://www.nytimes.com/aponline/2015/07/03/us/ap-us-mental-health-record...
adam (new jersey)
typical govt regulation gone wrong

what happened to next of kin
now I have to pay an attorney 400 for each of my kids once they turn 18 just in case they have an accident

the sooner the govt fixes their mistake the better

college has the same stupid regulation

parents pay the bills but have no insight into how the kid is doing

typical govt gone wrong again

it would be nice if common sense could prevail

stop trying to fix the 20% and messing with the 80%
David Rosen (Oakland, CA)
Privacy is a valid concern in some circumstances but the degree of paranoia in the United States is absurd. When my father was in intensive care after a bypass procedure that nearly killed him, the hospital refused to release any information to me because I was not the person named in his medical directives. They were adamant. It was the worst sort of rigid bureaucratic behavior and had no place in a healthcare setting under the circumstances. The United States lives in irrational fear of lawyers and the result is that many people who are perfectly capable of thinking for themselves and arriving at a rational conclusion end up paralyzed, adhering to the letter of the law at the expense of reason and humanity. I wish that I could say that this applies only in the healthcare field, which would be bad enough, but this is a widespread disease.
Doc (Lancaster)
“Providers may be disinclined to give out information anyway, and this provides an easy rationale,” Mr. Carlson, the Justice in Aging lawyer, said. “But Hipaa is more common sense than people give it credit for.”

As a physician, in a LARGE hospital system, I find myself stymied constantly by a barrage of "you can't do that" from people who don't understand HIPAA. For instance, I can no longer receive texts from my medical bureau to my personal cell (which is password protected) that contain two identifiers. So, I can get a name or a phone number but not both! In the past, I could call Ms. Smith off hours and say, "Hello, Ms Smith, what seems to be the problem?" Now, I call blindly and say, "Hello, this is Dr. xxxx, with whom am I speaking?"

Interestingly, now I have to actually write this information down on a piece of paper so that I can later document into Ms. Smith's chart. In yonder years, when I could receive a complete text, I would be able to recall the conversation for documentation later. I think this is ludicrous, and yet my organization MANDATES this. So, we doctors are extremely interested in releasing information to patients so we can partner with them. As healthcare becomes more complex with people who don't understand HIPAA, we get pulled into the foray and get handcuffed.

Let's bring some sense to HIPAA. Please release us doctors so we can do our jobs!
CH (Houston)
HIPAA caused my husband and me untold sadness and aggravation during his six year battle with cancer. I had power of attorney, but it was in the misinterpretation of the law that we ran into trouble. Ten years after his death I am still hurt to remember that once HIPAA came into effect, I was not allowed to accompany him into his dialysis unit to help him get settled into his treatment chair (and he needed the help physically and we both needed the emotional comfort of this short and simple process). I was denied access as I had previously been allowed on the basis that I could possibly overhear other patients' information. Meanwhile my husband reported that while he was there, staff would call out patients' names and treatments for all to hear. Lawmakers did not intend to harm patients, but in the process of the law's interpretation, patients and their family are being hurt.
Carol Horowitz
NeilG1217 (Berkeley, CA)
As a former union health plan lawyer, I understood HIPAA to have some flexibility, and I so advised my clients. However, at least at first, it seemed that the information we gave our clients got lost in the "telephone" game of benefits management: lawyers talk to senior account managers, who then talk to benefit administrators, who then talk to benefit clerks, who then will not talk to family members "because of HIPAA". At each step, the information got watered down, until it is easier for the clerk just to say no. I imagine a similar process at hospitals.
The Congressional response is the right one. In addition to good training materials, there needs to be an official poster of basic HIPAA rules that can be hung on the wall of offices and hospitals, just like the ones about minimum wages and prohibited discrimination. That way, the people on the front line will have something official to check.
DW (Philly)
"At each step, the information got watered down, until it is easier for the clerk just to say no."

Yes. Especially when the clerk has been told in no uncertain terms that even the slightest slip-up will mean they lose their job on the spot. The front line workers have no incentive to learn the subtleties of HIPAA. They get that the only way to protect themselves is to always say "no" and let someone above their pay grade deal with the ensuing complaints and problems.
Marina (Southern California)
I can only surmise the HIPAA situation is getting worse not better.
In March of 2013, the New Old Age weblog (predecessor to this NOA column) wrote about the misapplication of HIPAA. Comments to the entry numbered around 80. Comments to this article total more than 450. It's disheartening to imagine how many people are being harmed by the way this law is being misapplied since, let's face it, most of them are not posting comments in NYT.
B. Mull (Irvine, CA)
The law was never designed with patients' and families' best interests at heart, although it was sold that way by President Clinton. It was designed to protect insurers and providers as they transitioned to electronic records. Only $25 million in fines have been paid in total while over 31 million violations occurred between 2009 and 2014 alone. That's pennies per reported breach, and the vast majority of course go unreported.
Allen (Brooklyn)
While my wife was in the hospital recovering after a surgery, we asked to see her records. Her chart was brought to us. When a staff member came by to see how we were doing and saw that we were discussing aspects of her surgery and treatment with knowledge, they took the book away from us and told us we could only read it if someone was present who could explain it to us. We never saw the book again.
Patient (Experience)
My life was destroyed by errors, mistakes, and intentionally false information that doctors and nurses put in my medical records before and after the Never Event I survived. There is no transparency in medicine. If you want to read your records, you will be treated with suspicion and health care workers and doctors will be quite unhappy about it. Records will "go missing" and be spoiled.

I advise all patients to request copies of their records for all hospital visits, surgeries, and procedures. I advise getting copies of your records from primary care doctors every one to two years, just like getting your annual credit report. This lets you find errors before they cause you irreparable, permanent harm and injury. When asked why you want your records say "for my personal medical history." You don't need to explain anything more. It is your right to have copies. Make sure to ask for ALL records, test results, reports, pathology reports, etc., otherwise they will purposefully provide a subset of records.

There is a process for amending incorrect medical records, so correct your records! Seeing records shows you which doctors you can or cannot trust with your health and life.
judy s. (syracuse)
One of these examples highlights the fact that health care workers can listen to information provided; they just may not be able to provide it. As a primary care MD, I know many patients avoided or covered up important issues (memory loss, substance abuse, depression or great stress, not taking prescribed meds, etc.). I found it very helpful when families sent me a note before a visit with their concerns. It does not violate HIPAA, and a good physician will try to use such information to better work with the patient. Having it in writing keeps it from being lost, or subject to someone else's interpretation.
Greensleeves (Maryland)
I got into an argument with a nursing supervisor at Johns Hopkins who insisted staff were not permitted to call a dying Cancer patient by her name but could only refer to her by her room number, even to her face. The Cancer patient just wanted to be treated like a person, not a number. It was so stupid and cruel. I went all the way to the board of directors, it made me so angry.
Tullymd (Bloomington, Vt)
Not just cruel but dehumanizing and evil.
Madeline Conant (Midwest)
I guess this means we've jumped the shark.
Martin Cowan (New Rochelle)
I encountered a similar problem. My father was terminally ill in a hospital, with Alzheimer's, and unable to understand what was happening or to communicate. I held his health proxy and power of attorney. The hospital asked me to consent to a minor surgical procedure (feeding tube), even though they indicated to me that it would not prolong his life. I requested to be shown his medical records. Citing HIPAA, the hospital refused. How could I give an informed consent on behalf of my father if the hospital refused to give me the information that was relevant to the decision? I could have gone to court, and probably prevailed, but my father would have died long before the court could have resolved the matter. I also suspected, but could not prove, that the desire to insert a feeding tube somehow was motivated by a higher reimbursement rate from the insurance company for surgical procedures. I did refuse consent, and my father passed away shortly thereafter, but without the insult of an unnecessary surgical procedure.
ross (nyc)
The medical record belongs to the patient, yet if the patient wants copies of all the stuff I have in my chart, I am only allowed to give results of tests and evaluations ordered by me or my practice. I cannot give an xray report sent to me by their PMD or a urology evaluation summary sent by a different specialist. I cannot even give a printed lab report if it was not ordered by my staff. Even if the patient had brought me all those reports years earlier, if they want to have copies back I am not authorized to give it. This is a stupid law and has made my life as a doctor miserable.
Amy (Minneapolis)
This is incorrect. If you are withholding records as you state, then you are actually in violation of HIPAA. A Covered Entity is REQUIRED under HIPAA to release whatever (certain mental health records excepted) has become a part of the patient's Designated Record Set (DRS) - even prior/other providers' records. What you cannot do is change anyone else's records (i.e. any records from a prior/other physician) even if it contains incorrect information. I suggest consulting with a health law attorney, specifically one who works in health care compliance.
Craig Wellman (Newark, DE)
There is a simple solution, which I have not seen mentioned. Congress can pass a law deleting HIPAA as a U.S. law, deleting all related regulations, and requiring all health care providers to stop applying it.

Then Congress can enact new legislation to prevent whatever confidentiality breaches it sees as an issue. Perhaps the inverse of current requirements -- an opt-in system in which patients specify what information is to be kept confidential and who cannot see it.
MBR (Boston)
The problem isn't HIPAA but the way providers use and abuse it.

Virtually every time you visit a new physician (and often on repeat visits) they ask you to sign a form stating that you have been given a copy of their privacy practices. In practice, most people sign without looking. On a recent visit to my ophthalmologist, no one in the office could even locate a copy to give me and I had to wait 20 min. while they called the main office to get someone to e-mail a copy.

What they should do is give you a copy along with a form to list the people you do and do not want to have access to your health information.

The next time you visit a doctor take a close look at their privacy practices. Many will release information *in the interest of national security* or *to protect the president and other officials* even withOUT a court order !!

There are situations, e.g., suspicion of physical abuse or public health hazard that may require the release of information to government officials.

But I find it hard to imagine a bona fide *national security* situation that would necessitate the release of my health info without a court order. And, frankly, I really do Not want the Secret Service to know whether or not my liver is compatible with that of any members of the Bush, Obama or Clinton clans.
Amy Raffensperger (Elizabethtown, PA)
As an RN who has worked in nursing before and after HIPAA was enacted, I need to point out that there is a difference between what the law says and how healthcare institutions interpret the law in their policies. Regardless of my interpretation of HIPAA or my "good faith", I am bound to act according to my hospital's policy. When HIPAA came about, many organizations overinterpreted it to prove to the government and accrediting agencies that they were in compliance with the new law, regardless of how strong their prior patient privacy policies may have been. While no health care worker or hospital may have been prosecuted by the government for HIPAA violation, there are many, many hospital staff who have been fired for violating the new policies despite the fact that those violations may not have necessarily violated the law. Thus, we all will err on the side of protecting patient privacy when in doubt, and while that may be inconvenient, knowing how important privacy is in this digital age, I don't think that is a bad thing.
Tullymd (Bloomington, Vt)
I protect the patients from bureaucrats, pathogens that are destroying our society
Larry (Michigan)
There was a hearing for one of our secretaries at a school. We were surprised that the principal was given a copy of her health record filled out in confidentiality and required by the medical department for her return to work. He held the record up in his hands at the beginning of the hearing. He had a girlfriend who was the nurse at our school. Their affair had gone on for several years. She also had a copy of the confidential report. The secretary never gave written or verbal permission for the report to be shared, but when questioned, the legal department at the hearing simply said that "It Was Relevant." The union person said absolutely nothing or asked for clarification. We thought unless the secretary signed off on so many people reading this personal information, it could not be shared, not with the legal department, the principal or the nurse of the school.
Constance Campana (Attleboro, MA)
When I picked up a prescription this week, I was asked to sign the HIPAA agreement that pharmacies are required to present, on a yearly basis, to anyone purchasing a prescription. The agreement was on the 3" x 5" screen--the one through which we swipe our credit cards and provide our signature. I was trying to read it when I realized it was pages long--I had to press "Next" at least 6 times, which I did, due to the growing line of customers in line behind me. But first, I asked for a copy of the pharmacy's HIPAA agreement and made sure I would get that before I signed. The pharmacy staff looked first confused at my request, then said that there was probably something I could press to make it print--to which I replied, "If there was, I didn't see it--I only saw "Next."" Finally, after a 10 minute wait, at another section of the pharmacy, I got a copy--in teeny tiny print. I read it, at home. It's the same HIPAA--only concerning drugs. Read it. Not good--
David Isaak (Orange County, CA)
No kidding. I was helping my sister out a couple of weeks ago when she was in the hospital after a major operation, but I was staying quite a distance from the hospital.

One day I called to see if she was awake before making the drive. Alas, even though I and her daughter were registered as her caregivers, and even though we knew her room number and what operation she'd had, the staff insisted that telling me whether she was awake or not was illegal under federal law.

I understand that in some cases hospital employees may genuinely not be able to tell if divulging certain information might violate privacy. But a lot of hospital employees are using these supposed laws as excuses to be smug, obstructive jerks.
DW (Philly)
See, that's just completely stupid. They think they can't tell you if she's AWAKE? They think whether she's awake is privileged health information???
Hapticz (06357 CT)
when care providers start hiding behind lawyers, IRS agents and those who script laws 'in the best interest of their constituents', the ugly stench of corruption slowly erodes away the basic trust between patient and caregiver. mediocre as it is, democracy has delivered some pretty poor results to the public at large. it might be a good time to get a second opinion from another 'care giver', rather than fund more of the same. Canada and other Euro countries have done more for their people with less and less.
mzsilverlake (New Jersey)
I am a health care professional and understand the need to appreciate a person's directive of not sharing protected health information. However, the simple remedy is to obtain an informed consent and if that is not possible to use basic common sense to do what is in the best interest of your patient. Refusing to even listen to someone who is trying to offer important information is either a byproduct of being lazy, arrogant or incompetent.
Cleo (New Jersey)
In my prior life as a Federal employee, I was the HIPAA point person for Region II (NY, NJ). I was there when it all started. The expectation was that HIPAA would codify commonsense rules regarding patient privacy. Don't leave patient information open on your desk. Have file cabinets with locks for records. etc. Rules that everyone would agree with and none would be expensive. But suddenly HIPAA experts (private not government) began popping up warning health care providers of the catastrophic consequences of noncompliance. Education of all staff members became mandatory, as well as security measures that the NSA would approve. Providers became terrified, and then paranoid. The net result was a whole new way to make money off the health care system. A well intentioned rule twisted for profit. Not the first or last time.
velox (Vancouver, WA)
Cleo, you are exactly right. There have been armies of HIPAA consultants who have done little more than spread FUD, 'fear, uncertainty and doubt' among healthcare organizations. If you first convince people they have reason to be afraid, then it's easy to convince them to purchase your services. It's consulting 101.
Another ER DOC (Chicago, IL)
So this law is written with reasonable intentions to protect patient privacy. It is long and so hard to fully understand that hospitals require hours of attorney time to interpret. As they do, they interpret in the most conservative way possible which trickles down to the front line workers. Because nobody wants the SWAT team of CMS investigators to arrive at the hospital doorstep! Never has there been helpful guidance from CMS on a reasonable approach, or a help line to answer questions. The answer is "we will decide if you are in compliance after any complaint has been made and we audit you thoroughly."
CA (CA)
As a physician, I appreciate the need for confidentiality. We get very little training on the nuts and bolts of how HIPAA works, but we are told that we can get fired or face huge fines, or be excluded from Medicare/insurance payer systems if we mess up with HIPAA.
So I probably go along with this silliness since the repercussions are huge to violating HIPAA.
If someone says, hey, you are taking care of my neighbor, Mrs. Smith! How is she doing? I have to say, well, I can't tell you because of HIPAA. It would be natural to say something nonspecific like, "well, she was very sick but she is on the mend!" but I'm afraid to since I don't really know if that would violate HIPAA.
Our medical group recently fired a medical assistant who twice faxed the normal blood test results to the wrong fax number, since that is a HIPAA violation! Really?? I mean, okay, it's not ideal that you faxed someone's cholesterol results to the wrong place but does that matter?
My medical assistant gave the wrong clinical summary to the patient (since she has a million pieces of paper she has to handle) and was written up! What if it is a $25,000 fine for violating HIPAA??!!
It goes on and on... Our group has hired several high-priced, non-physician administrators whose jobs include enforcing HIPAA and generally making our lives miserable. It has gone completely nuts and has ruined the practice of medicine.
JMAN (BETHESDA, MD)
Unfortunately, the writer of this article and most of the commentators don't care. The public wants the information on a "common sense" basis but if you disclose information in error or in good faith you are subject to severe sanctions.
MN (Michigan)
similar situation for the rise of Compliance in many areas of endeavor.
Gwbear (Florida)
This article should be required reading by anyone providing - or seeking - medical services.
Midge (Minneapolis, MN)
Many years ago I wanted to pay a clinic bill for a visit my daughter had, so I wanted to find out the amount due. We had been going to this clinic for at least 5 years. "I'm sorry, we can't give you that information." "But I want to PAY you. I want to GIVE you money. I can't do that if you won't tell me how much it cost." "I'm sorry, we can't give you that information because of the privacy law."
KrevichNavel (Santa Fe, New Mexico)
Well intended law, it gets used as an excuse to not do your job, lazy health workers got an extra hammock with HIPAA, unfortunately.
em (New York, NY)
HIPAA is a bureaucracy of the bureaucracy, for the bureaucracy, and by the bureaucracy. Just like JHACO and the medical boards. Not only do they not provide any meaningful, useful service to society, their fanatical devotion to PAPERWORK interferes with and obstructs the efforts of people (doctors and nurses) who actually DO contribute to society. The sole raison d'etre of these bureaucracies is to perpetuate themselves. Now that they have their hooks into the lifeblood of our society, try getting rid of them.
marilyn (jasper ga)
I believe these exaggerations of Hipaa originate in part from medical personnel's dislike of all things lawyer involved. I've heard Hipaa doesn't allow this and that in situations that appear contrived to point out that Government oversight is ridiculous. It is complicated, true, but not generally without logic.
em (New York, NY)
OK Marilyn. I'll give you an example of why I don't like having to put lawyers and bureaucracies ahead of caring for the patient. I am an emergency medicine physician.
Suppose (just supposing) I have a patient who crashed his car because he had a seizure while driving. He admits to not taking anticonvulsants because he doesn’t like the side effects. This patient will probably go out and drive again, possibly crashing, possibly hurting or killing others as well as himself. When I check with the hospital’s legal department, they say under no circumstances am I to notify the DMV; the HIPAA concern for patient privacy is more important than the possible risk to other lives. If I do notify the DMV, I can be imprisoned and fined, lose my career, and the hospital could be fined millions.

On the other hand, if I let a drunk leave the hospital, who then gets in a car and crashes, killing people, I can be sued for contributing to these deaths. But on the other hand, JHACO tells me I cannot use physical or chemical restraints to keep the patient from leaving the ER, that I must let the patient go if he refuses to stay. I can't call the cops, because that will violate patient privacy, and even if I do, they will just bring him back to the ER.

Do you have any idea what it feels like to be a legal coat hook for the system? I just wanted to take care of patients. That's all.
Contrarian (Detroit)
Fitting indeed that the original version of the article contained a basic misunderstanding of the law that required editorial correction.
Pat hazouri (Neptune beach, Fl)
I believe Hipaa prevented James Holmes' parent from knowing how much he had deteriorated mentally before the shooting in Aurora. I believe that they could have, and would have, been able to have stopped him, had they known what was going on with his treatment and therapist.
Juanita K. (NY)
And yet, doctors' offices and hospitals can send your personal information to offices in India doing their billing work.
Alocksley (NYC)
So you see we have Obamacare, which raises our premiums, but health care is even worse than before. As part of a divorce settlement I am required to pay for my daughter's health insurance. Since she is under 18, I have to be responsible, but because the insurance is in her name, I cannot see her records; the website will only let her register because she's the policyholder, but she's under 18 so she can't register. In explaining this to customer service, their response was HIPAA. Of course they're wrong. But finding the right person to argue with is part of their game.
Perhaps it's only their fear of lawsuits that drives them, or maybe they are simply taking advantage of everyone's fear of getting sick.

At some point some controls need to be placed on the health care system.
DW (Philly)
"So you see we have Obamacare, which raises our premiums, but health care is even worse than before."

Really? What's your evidence that health care is worse than before?
kizzo3 (Parsippany,NJ)
My Mother-in-Law diagnosed with dementia was accused of biting an aide at the assisted living she lived at. She was taken to the ER and evaluated for a psych hold which was granted as she continually said she wanted to die.

My husband had full medical power of attorney and when he tried to find out where she was sent from the ER the hospital would not tell him due to HIPAA.
Finally he got her attorney involved and the hospital would not speak to him either due to HIPAA. After more than a day we came to find out she had been admitted to a locked down psych ward, become dehydrated and was vomiting and was readmitted back to the ER as a medical patient. All this without speaking with my husband who had medical power of attorney.

I wrote a letter to the State of NJ Board of Hospitals to complain about this and the response was that the hospital was not right in not making an attempt to contact my husband but because the admission was to the lock down psych unit the hospital was within their rights to protect the patients identity! Really people use common sense.....this woman had dementia!
Linda (Maryland)
When my father was admitted to a local hospital, I called to speak with him. The hospital had a document on file giving me permission to have access to his medical information. Nevertheless, the hospital staff refused to let me speak with him. They said they would take my number and my father would have to call me back and give me a passcode. I reminded them that my father had dementia, and even if the passcode was in front of him, he wouldn't know what it was for, and he had difficulty taking the initiative to do anything. My brother was able to successfully intervene, but I wondered how family members of other patients, who might be physically or mentally incapacitated, would get to see them.
Constance Campana (Attleboro, MA)
In the past week, I was asked to sign a 4 page single spaced HIPAA agreement in order to see my primary care doctor. I asked for a copy and was given one and read it while waiting to see her.

Reading the entire document is eye-opening. HIPAA essentially provides privacy for the providers, not the patients. It allowed providers, especially if they are in a network, to share patient medical information with other providers, both in and out of the network. It allows patients' medical information to be shared for research. It allows patients' medical information to be shared with the providers' business associates. There is a long section that lists all who may see a patient's medical history, WITHOUT the patient's permission. That a relative may not inquire or get information or give information about a loved one from the medical profession is an unpleasant irony. The word that is being misused is "privacy." Nothing is private. What HIPAA is really is an ownership agreement: the hospitals, providers and insurance companies, under HIPAA, own those who have the misfortune to become ill without an informed, legal advocate at the ready--preferably, a lawyer. We should all read HIPAA very carefully.
Hapticz (06357 CT)
all carefully encoded in full tilt 'lawyer-speak'. a reply to my comment about 'privacy' led me to the original House of Rep bill

https://www.congress.gov/bill/104th-congress/house-bill/3103

which (in 169 densely worded pages) casually separates the patient from the family, in favor of 'the corporate medicine/insurers/providers'. it appears more of a typical glossed over scam to protect medical persons and organizations, while they data mine every one who comes under their 'care', ensures they can use the 5th amendment (closed mouths don't lie?) to shield themselves from criminal actions and profit handily while family and friends 'twist in the wind'.
Constance Campana (Attleboro, MA)
Hapticz--thank you for this! Very helpful to see the source. The pull-down menu is particularly informative. We all need to become readers of this kind of information--even though it is not the easiest reading--as a way of knowing who is deciding what will happen to us. As Americans, we are not used to thinking that our personal information--in this case, our personal health information--is controlled by outside forces except in the most benign and helpful way. We want to trust those who have our life or our loved ones' life in their hands. But HIPAA distorts and eliminates our thinking and makes it unrecognizable. Read the link that Hapticz posted and read HIPAA. Get a copy; Doctors are legally required to give you one.
Jan Bone (Palatine IL)
Down the line of comments, I've seen someone - can't remember who - complaining about sign-in sheets being in full view of other patients. At least two of my doctors have office staffs who keep them on the counter. Entering patients are asked or told to sign in, with their names, the time of their appointment, and the time of their arrival. These logs are on the counter or handed to the arriving patient who can read everyone's name before being taken back by the receptionist or person at the entrance window.
Jim (Chicago)
HIPAA has become the medical industry's favorite excuse to provide lousy customer service. It raises cost, diminishes customer's rights, and interferes with the provision of medical services. It should be amended to provide that the customer gets to choose how their information will be handled. In short, it should run in favor of the customer, not the provider, as it is currently being interpreted.
Jean (Madison WI)
I won't share any stories: they've all been told in the replies shared below. All I'll say is that HIPAA made an already horrific health crisis in our family into a nightmare. All spouses on speaking terms with each other should go to their primary care doctors' offices IMMEDIATELY and sign forms allowing each other access to their health information. Something is seriously wrong when a spouse is barred from being an informed, involved care-giver. Isn't that part of what we promise in our wedding vows?
RCT (New York, N.Y.)
I copied the HR director at a company at which I was then employed on e-mails that I sent to the company's insurance broker, regarding problems that I had encountered in attempting to obtain reimbursement for out-of-network services. In the e-mails, I described those services.

The HR director insisted on being removed from the e-mails, citing HIPAA. Clearly, she didn't want to become involved, despite the fact that the insurance was an employer policy and the insurer was reneging on an obligation to pay.

I told her, "It's my privilege, 'Jane,' not yours -- and I can waive it." A few minutes later, she called me back and admitted that it was up to me to decide whether I wanted her on my insurer-related e-mails or phone calls. She'd probably consulted the company attorney.

What struck me at that time was how eager the HR director had been to invoke HIPAA, using it as an excuse to avoid dealing with a situation that might prove embarrassing to the company. Even more telling was her mistake -- she claimed that HIPAA protected me, but her misinterpretation shielded her.

In contrast, when my husband was hospitalized for serious surgery, the hospital staff quickly learned who was family and who was not. They shared information freely with all of us -- i.e., with me and his father, sister and brother. The take away is that when people want to make HIPAA work for the patient, they know how to do so; but when they are on the defensive, it serves as a convenient shield.
smcdyre (new haven, ct)
I'm not sure if others have had this experience but when I call our health insurance carrier, Blue Cross of Minnesota, I am unable to find out any information about my children's (14 and 17 years old) health care, obtain their medical records or history of claims. One child has a chronic health issue which requires monthly medication and I've been trying to track how much the insurance company has paid for the prescription but to no avail. The only way I can get information is for my child to get on the phone with the insurance company and talk with them. Finally after months of going around with this with the insurance company, each child received a form in the mail which they need to sign that authorizes me to obtain information about their claims and health. Is this a typical situation, where a parent is no longer able to obtain health care information concerning their minor children?
J.O'Kelly (North Carolina)
Whether or not it is typical it is illegal. Children under 18 cannot legally sign such authorizations, i.e., they are not legally valid. You are dealing with appallingly ignorant people.
smcdyre (new haven, ct)
I'm curious now about these forms... catch 22 right now I have no access to my children's health records, so even if they sign these forms they are not legally valid. I do wonder what to do next? Any ideas or suggestions as I need to weigh and consider some decision for my youngest's health care.
Margo (Atlanta)
A long time ago, and far away from where I live now, I worked on a computer system for a Workers Comp. One of the junior programmers had had an accident earlier in her life that caused an arm amputation. She was appalled at how casually we discarded printouts showing injured workers' personal info and was successful in getting us to clean up our act by changing the way such things were securely handled.
Working again in healthcare systems years later, that sensitivity is enforced using HIPAA.
In respect to computer systems, at least stacks of printout are no longer tossed in a dumpster. And, regardless of the reports of recent breaches, under HIPAA there are efforts to keep systems more secure - it could be worse.
J.O'Kelly (North Carolina)
The physicians group I used to go to in NC required patients to sign an authorization to have their own records given to them! I pointed out the absurdity of this requirement given that the law required them to give me my records whenever I requested them. Their response was condescending and dismissive. At a Duke medical practice, I asked why I needed to show photo ID, and the receptionist responded: HIPAA. The ignorance is appalling and as many of the comments note, it causes great distress for family and friends of patients.
Jan Bone (Palatine IL)
Ms. or Mr. O'Kelly. I've always thought that the requirement of showing photo ID is because it's a way of identification that the person seeking treatment or buying Rxs, is really the person standing in front of the registration desk or cashier--and as such, the ID can be checked against the face. That way, there's less insurance fraud.
human being (USA)
Showing photo ID is probably good practice so that it can be ensured (to the extent possible) that you are whom you say you are and that you are the same person who holds or is on the health insurance policy for which you have a card. Really it is no different from the repeated questions asked to ensure someone is the correct person for surgery.

That is apart from HIPAA, though. I really do not believe the Duke staff were incorrect in asking for ID but they probably were incorrect about HIPAA's requiring it, at least to my knowledge.
clarknbc2 (Sedona)
Well actually Molly, that was only for employer covered insurance. When you tried to buy it on the open market (as in a single individual), you would be denied forever... if you had a pre-existing condition. Such as my husband and I. We tried buying policies on the open market before ObamaCare and we were denied (permanently). Now if you were covered through your employer, you did have to wait for a period of time before they would cover that pre-existing condition but they had to cover you within that employer's plan. In fact when Clinton signed this bill, insurance companies were using every which way to deny coverage for anybody with HIV and other serious conditions, through employer insurance as well. Clinton did not do away with "pre-existing conditions" on the open market place, only ObamaCare did this.
Jan Bone (Palatine IL)
At nearly 85, I'm moving Aug 12 into a care community over 700 miles away but will then be only 6 miles from a son, with the entire family supporting the move. I'm winding down medical appointments here in Chicago suburbs and getting ready to switch doctor-supplied info to new providers. I think all will go okay.

But - I do have a problem with some of the new "patient e-portals" and what I'm told are HIPAA rules. I can and do log in on a couple of my portals to see what I am supposed to do...when my next appointment is, how much blood thinner medicine to take, etc. However, there doesn't seem to be a way for me to send in information that may be needed. For instance, if I forget to take a current list of pills with me to a doctor's appointment, and offer to e-mail it in, I'm told they can't accept it, because they can't get any e-info that might scramble or hack into a patient's confidential info. While I see their point, and respect it, can those who know tell me if that would truly be a HIPAA violation? I don't drive, but will leaving a letter in my outside-my-house mailbox for pickup by US postal people always work, since I occasionally get a number of letters for others on my block?

Also, why aren't patients told these HIPAA rules? I have been informed by one health provider (a different one) that even if I've said, "leave voicemail on cell phone," if my name isn't in that message, then all they can say is "call us back for information." I didn't know that. HIPAA?
Stefano (St. Louis, MO)
HIPAA is a totalitarian monster of gargantuan proportions. The obscene civil and criminal penalties make one think one is in Communist China, Soviet Russia, or Nazi Germany. Is the state actually justified in imposing criminal liability and monetary penalties of up to $1.5 million annually because a piece of medical information happened to have been disclosed, even accidentally? Is privacy so very precious that the life of a healthcare worker or a "covered entity" can be destroyed for what could be an innocent error? Less rigorous penalties are imposed on those who commit real crimes. And even if we assume an intentional, malicious broadcasting of protected health information: Is there not some disproportion between these penalties and the whole subterranean and sickening enforcement apparatus behind HIPAA? Even more so, in an age when our most personal thoughts and information are regularly hacked by our own and other governments, is there not a small whiff of what Big Daddy in "Cat on a Hot Tin Roof" called "mendacity" for a government that has perfected violations of privacy in the form of the NSA to make disclosure of health information a crime? HIPAA is a danger to patients because of the senseless restrictions it places on discussions between healthcare providers and others, and it is a danger to freedom because it has a chilling effect on speech. Yet another example of the grossly misguided priorities of the United States in the 21st century.
Marie (Michigan)
My elderly aunt's DOG, at that time recently adopted from a rescue group, had to undergo surgery. The rescue group offered to have the veterinarian utilize their discount, so mistakenly the vet's staff noted them as the owner. When I called to check on his post surgical status, on my aunt's behalf, I was told that they could not tell me any of the dog's info because of HIPAA requirements! I said "It's a DOG, not a PERSON!". Yet they continued to insist that HIPAA applied. You can't fix for stupid.
Don B (Indianapolis)
I'm far from a small government extremist, but HIPAA is certainly an argument in their favor. Sometimes it's better to live with the problem than turn a bunch of bureaucrats and lawyers loose on it.
Independent (Maine)
Let's talk about thousands to millions of real violations of HIPAA law. The NSA and other government agencies that spy on us and have access to our medical information, without our permission, or knowledge. Any Congress people or Executive branch willing to do anything about it?
Posa (Boston, MA)
It's also important that HIPAA NOT be used against whistle-blowers who disclose dangerous hospital conditions or otherwise inadequate health care to patients. Administrators are using HIPAA to retaliate against doctors and medical staff who disclose scandalous conditions at medical institutions.
Mike Brooks (Eugene, Oregon)
I was the database administrator for an Oregon Healthplan contractor whom I caught selling medical records for thousands of employees AND THE DEPENDENTS to employers. The employers, in turn, used that information to determine who to fire. Mind you, this meant/means that the parent of a child with leukemia would likely be terminated due to high medical costs. I reported this to the state Attorney General, who, under HIPAA, was required to investigate it. Instead, I was fired. I had taken records of this and turned them over to HHS, CMS, discovered my private email being hacked by the employer (with records from Microsoft proving it). HHS did nothing. In fact, on Friday I got another letter from them telling me that neither they nor the EEOC is going to do anything. I am free to sue in federal court, and am. In the meanwhile, however, this corrupt state government has been busy trying to cover this up. I have documents of "private" meetings, outright bribes, emails showing collusion and racketeering. I have called and written the US AJ, the Department of Labor, written to various members of Congress, even written complaints to both the House and Senate government oversight committees. Now I'm asking the Times to report on this...someone might be interested.
David H. Eisenberg (Smithtown, NY)
HIPAA regulations as applied to personal injury lawsuits are often unfair to defendants. Doctors' offices are sometimes afraid to release information they should, plaintiff's attorneys use it to keep back information that would be relevant and judges often also err in favor of preventing information being disclosed that should be available to defend a case. I'm not suggesting that putting your health into issue in a lawsuit should mean you give up all rights of privacy, but having represented clients on both sides in personal injury actions it seems clear to me that it has given plaintiffs an unfair advantage.
vklip (Pennsylvania)
Oh come on, David. As a lawyer you know full well that HIPAA applies to the patient's privacy, not the medical providers' privacy. I'm also sure whether you are representing the patient or the provider, you can easily go to a judge and get a court order for the release of the information. (I've worked for personal injury lawyers, and that's just what they have successfully done.)
Eugene (NYC)
There are several "solutions."

One that I have used (more than once) is to get the police involved. If the hospital can't give me a cogent reason why they are "holding" the person, then I tell the police that I believe that there is a kidnapping involved (or unlawful imprisonment, depending on the state). Of course at that point they have to explain to the police, and the police usually say "too complicated, explain it to him (me)." Outrageous? Yes, but effective.

But the ultimate stick, particularly after the fact, is payments. I promise to notify the insurance carrier that the bill is fraudulent. After all, it often is.

Now explain to me why we have to do such things in order to get reasonable responses?
GK (Tennessee)
I just don't want to get sued or fined. If there's any gray area or possibility that something could be left to interpretation by a judge, I'm going to make my decision as conservative as possible to protect myself. This is how we chose to live in this country.
MN (Michigan)
This is how some of us choose to live in this country.
MS (CA)
I work in healthcare and I find HIPAA pretty ridiculous. It impedes information flow even between healthcare providers. Sure, I can get patients or their families to sign release of information forms, send it to the office I'm trying to get information to, and get what I need but sometimes, the urgency of a situation or the patient's condition makes it very difficult. Fortunately, if I, as a physician, speak to a physician directly, it's usually not a huge issue. It's mostly nurses and office staff that are a barrier.

On a personal level, I work it out so all my immediate family members have me as a health care proxy or have papers in their records that list me as an emergency contact. Ask your and your family's doctors' offices to have you listed as such and/or fill out the necessary forms they give you.

That way, should I need to handle anything for them or someone calls me with their information the first words out of my mouth are: "I am so-and-so's family member and healthcare proxy (emergency contact, etc.) and there are papers in their chart indicating so. You can talk to me about their health condition."
Jan (Philadelphia, PA)
My estranged brother called ten years ago to say he was in a hospital in DC and being discharged, broke, with nowhere to go. He was bipolar and had advanced AIDS. The phone number he left was incorrect. I called the hospital where I thought he would be, because he had been an inpatient there previously. I was told due to HIPAA, his admission could not be confirmed or denied. I left my number and asked that it be forwarded to my brother or a case manager. I never received a return call. Three weeks later, the county morgue called looking for next of kin. My brother had committed suicide in a homeless shelter. Paperwork that was with his belongings confirmed that he had been an inpatient at the hospital I had called, and on the date that I called. I am haunted by the circumstances of his death and wonder what the outcome would have been if only I'd been able to speak to him.
MS (IL)
Jan, I am so sorry for your loss. In my limited experience with working in inpatient psychiatric settings, I have seen family members, regardless of how close they have been in recent years, regularly involved in safe discharge planning. It is a tragedy that didn't occur in your brother's case. I have read many of the comments below, and yours provides the most compelling evidence for the importance of re-educating our healthcare providers on HIPAA. There is nothing more devastating than experiencing the death of a loved one from suicide.
Worried Momma (Florida)
Oh, my. Very sorry to hear of this, and sending my condolences.
Hope you consider a calm, clear recitation of this tale - sent in writing to the hospital, the licensing board of your state and the HHS civil rights office.
Not as a screed or gotcha. As a statement of dignity on behalf of your family, in the hopes that that changes for the next family down the line.
Bill (Des Moines)
HIPAA regulations are long and confusing. Violations, even unintentional, can lead to a lot of headaches and rarely punishment. Like most government speak, it is hard for any normal person to tell what is OK without consulting a HIPAA attorney. They often disagree. The upshot - patients are inconvenienced out of fear of violating the law.
Mike (Virginia)
We first experienced the challenges associated with HIPAA when trying to help our 21 year old daughter who is suffering from mental illness and drug abuse. We desperately want to help her but have been completely shut out by her court-ordered psychiatrists and other mental health care providers. As this important article points out, and we were advised, it is possible to give information to these professionals. And we do whenever possible. However this is also very frustrating because they are suspicious of us and, understandably, seem to view us as potentially interfering parents. This leads to very short visits (15 minutes or so) and unknown follow up or actions. It is the unknown that bothers us the most about our daughter's condition. What is her diagnosis? What are her meds? What can we do to help? How do we communicate with her? Is she still self medicating? Is she in danger? Recently we convinced our daughter to sign a HIPAA release (after much consternation and anxiety on her side and ours) and we hope this will open new doors for us. For more on this topic read about the tragic story of Creigh Deeds and his recent actions to revise HIPAA. http://www.treatmentadvocacycenter.org/about-us/our-blog/160-washington-...
gc (ohio)
Thank you for echoing prior voices on the desperate need to fix this law so that reasonable access can be provided to distant caregivers. I knew one, and it was often hell. As with Ms. Gray, he wanted to provide critical preventative care information such as methods which had worked in preventing bedsores. He also wanted brief status, being very respectful of professional staff time.

Hospitals could find a way for a lower-paid clerk to ask questions along the lines of banks. These questions could be some obscure previously-agreed about Q&A's, supplemented by current knowledge which only an up-to-date responsible person would know. Preferably, the clerk would get to know as many voices as possible as a double-check.

I surely do not want to add to hospital costs burdens, but maybe it would be a win-win, saving the time of ER professional staff screaming at nervous out-of-town sons and daughters that the hospital could be sued if they talked.
MPS (Philadelphia)
HIPAA is the federal Health Insurance Portability and Accountability Act. So if you are not involved with health insurance or data processing via computer, you are safe to discuss things as a rule. Everything else seems to be overreach for reasons that are unclear to me. For example, fax communication is HIPAA exempt. Privacy is also waived in a number of circumstances, including legal proceedings.
Paul Popish (North Carolina)
Clearly, HIPAA has been designed primarily for protected transmission of medical information between providers and insurers. The ongoing misuse by providers to block real communication between them and individuals in need is sad. Protect privacy? Just sit in any waiting room and listen to people being called by name!
Nancy
Oh that is the problem completely. The horrors of people sitting in the waiting room being aware of each other. When this stuff started up, the staff of one of my doctors just plain couldn't handle a sign in sheet. Like somehow there is world threatening info in someone calling my name.

I did read the act and the completely unintelligible reg and I do not believe that the goal was to clothe the simple act of going to the doctor in deep secrecy. I guess if you cannot handle that, tell the staff that you need to be secreted in the break room, a closet or somewhere.
Penn (Pennsylvania)
It's not just your name. It's your date of birth (with year), your home address, your phone number(s), your insurance company, employer/employment status, your emergency contact, and if any issues arise, yet more facts. One of my providers started requesting the state of my birth recently, which I flatly refused. Even the nurses admitted it was a data grab with no medical or administrative necessity. And all of this information sharing is conducted in full hearing of a large room of people. Oh, for the days of yore, when "Any changes to your information? No? Just take a seat" was the procedure.
Nancy
Penn, the information they are requesting is a combination of filing issues (medical records seem to be cataloged by date of birth) and information desired for 'collection' purposes if insurance doesn't pay and you try to avoid payment.

You can certainly refuse some info and they can decide whether to treat you. And you are within your rights to ask that the information be gathered in a private place. Go for it.

I do remember once when I was in a waiting room, a man coming in for a test saying he had forgotten his driver's license, SS number and that he had no insurance. He had an urgent and grave illness from the sound of things. (Yes, they were talking out there where I could hear.) They did the test, I think.
JL (Altadena, CA)
My husband was in the last stages of cancer, hospitalized suddenly for what turned out to be the last time. I was working full-time and took off as much time as I could to be at the hospital, but inevitably I'd arrive and miss the attending doctor on his rounds. On one such trip, having just missed the doctor and needing questions answered, I asked the nurse on duty what the doctor had ordered and said. My husband was incoherent from medication and couldn't tell me himself. The nurse told me dismissively that he couldn't violate HIPAA and tell me anything at all. "But I'm his wife!" I said, astonished, "and he can't communicate himself." "Doesn't matter," he replied. Boiling, I asked him, "So, tell me-if he dies when I'm not here are you going to tell me?" He just stared and walked away. This was at Cedars-Sinai in 2008.
A doctor (Wisconsin)
I think, as someone once said, what we've got here is failure to communicate. One of the many problems with HIPAA (sorry NYT...Hipaa just doesn't look right to my eye) is the failure by administrators to translate legal language into everyday language that we non-attorneys can understand. It seems like whenever I have to learn anything about health care law the information presented to me is in "legalspeak" and is not easy to understand. I'll never forget having to learn some California mental health law which, like most law, is byzantine...when I asked for study materials that would help me do my job I was given a pile of books containing the actual California statutes! When I recently completed some online HIPAA training required by my hospital it was just a bunch of PowerPoint slides basically telling me that if one of my patient's hat sizes gets out I will be turned over to ISIS for immediate decapitation. (NYT note: ISIS=four letters=all caps.) People make up HIPAA law as they go because they don't understand it, and they don't understand it because it has not been presented to them in understandable form. People often bag on doctors, and rightfully so, for using excessive jargon...lawyers and administrators are guilty of this too.
Nancy
Actually the regs were written by "consultant" health care professionals. Were they in legalese it would be a whole lot more clear, IMO. I remember when the reg came out and all the so-called professionals going around with explanations were presenting incorrect info. It was pretty awful and I suspect the whole enterprise never recovered.

I have been retired for seven years though and thankfully have not had to deal with HIPAA. Hopefully the mess has been cleaned up a bit.
Howard (Los Angeles)
My 94-year-old relative was in the hospital, and they said when I called to ask what was happening, "We can release the information only to the patient's parents."
A Texas clergyman says in the bulletin of his congregation, "I can't visit you in the hospital unless you and your family let me know you're there. The hospital won't tell me which congregants are hospitalized."
Yet a podiatrist can get a list of all your prescription medications, even if they're Viagra.
Medical privacy is very important. But the guidelines must be clearer and common sense must intervene.
human being (USA)
This is true about how institutions are dealing with the clergy person's visits.

Where the situation gets crazy is if the person or family asks staff to let his/her clergy person know they are in the hospital/nursing home, and the staff have been told they are precluded from doing so because of HIPAA.

I worked in nursing homes (not in a medical capacity) and saw this happen. My manager thought that interpretation of HIPAA was incorrect and used common sense--if residents wanted clergy persons contacted she did so. Other staff refused. I happened to visit a fellow parishioner's husband in the same home in which I worked...He was dying. She had asked another staff person to call her parish to have her and her husband's priest visit to anoint her dying husband. The staff person said she herself could not. We did have a priest from another parish on call who would come to anoint sick or dying Catholics if he was notified by staff or family. The staff person thought it was fine to call that priest but not the wife's and husband's own parish priest... I did.

The staff person was sincere in believing she could not do so. This certainly is not what HIPAA was designed to preclude and HIPAA training results in absurdities like this. I believe the fault lies much more with inaccurate training than with HIPAA itself.
Grace (NC)
Some of the problems HIPAA was meant to prevent still occur (docs talking about patients' conditions assuming they're not being heard by the other people in the elevator, hospital staff accessing info on famous patients, files handled carelessly), but the rules are written to create really expensive compliance processes that are excessive, and have these terrible consequences. A relative who's a nurse felt she couldn't advise family members on the implications of another relative's condition because of HIPAA - that wasn't as problematic as these stories, but she couldn't advise people that maybe they should visit soon.
W. D. Allen (LA)
Google "penalties for violating HIPAA" and you will see why doctors and nurses are terrified of this law. The financial penalty is $100 to $25,000 for an accidental violation and up to $1.5 million for a deliberate violation. The criminal penalties can include a year in prison. I am a physician and agree that we need laws to protect patient privacy, but these draconian penalties do more harm than good for patients and families.
Rose (Orlando)
During a measles outbreak a couple of months ago, I tried to find out what percentage of students at my children's schools had been vaccinated. All the schools told me they couldn't release that information "because of Hipaa," even though my request did not involve identifying information. I complained to the school board and the school district administration to no avail. Finally, a reporter obtained the info and shared it with me. Turned out that the information is routinely reported to the CDC and (supposedly) publicly available. In this case, I think "Hipaa" was the excuse for "I don't want to go to the trouble."
Robert (Out West)
I would suggest that the people yelling at HIPAA on the grounds that people have applied it stupidly need to apply the same complaint to the Second Amendment.
RitaLouise (Bellingham WA)
Unless you have a real concern for privacy, simply do not sign the form. They will give you another stating you refused - if they can find it!
epistemology
As a primary care physician for more than 3 decades let me tell you, HIPAA is a disaster. It interferes with patient care while diminishing patients' right to privacy. The law severely restricts your right to sue for violations. If you cannot enforce a right, you don't have it.

But worse, it interferes with communication between treating physicians. When seeing a patient just discharged from the hospital prior to HIPAA, I would have the relevant hospital tests, discharge meds, diagnoses, etc faxed to me before the patient came in. Now I must get them to sign for this information at their post hospital visit. This has led to errors. That HIPAA expressly allows hospitals to communicate with the primary physician without a signature is irrelevant to the upshot of the law.

And under HIPAA, your rights to sue have been severely restricted (you have to petition the Office of Civil Rights to sue for you; fat chance there) so you have fewer rights, not more, than before HIPAA.

But worst, and I wish the NYTimes would do an investigation of this, but it has given insurance companies further legal cover to accelerate VASTLY the trend to copy patients' charts. Yes, people, soon most of the medical charts in America will be sitting on servers in the various insurers around the country with varying levels of security and uncertain disposition in the case of the sale of said insurer. HIPAA explicitly endorses this practice, and believe me, insurers are quickly taking advantage.
Madeline Conant (Midwest)
Insurers having open access to your medical records is a complete sell-out of any hope to privacy anyone might have. Might as well publish them on Reddit. HIPAA is a lie.
Matt Hunt (Tulsa)
"varying levels of security". There is a specific part of HIPAA that addresses that. Covered entities are supposed to follow the NIST risk assessment and mitigation. However, much of this info is far outside the normal person's capabilities to comprehend and implement. Some places have top-notch ITSEC people, some just try and shove this off on their local IT person who is probably not actually qualified. Not requiring an outside, third-party ITSEC audit is a big failing of HIPAA.
Suzabella (Santa Ynez, CA)
Clearly this law is being abused. But talking with family members before there's an issue has been helpful for me. My mother signed a HIPAA agreement that gave me permission for access. I was able to talk with doctors in a different state regarding her problems. She finally moved closer to me and I went to most doctor appointments with her. In our family, whenever there is the possibility of a serious medical issue another family member always goes along. I can't begin to tell you how many times medical professionals have thanked me for being there to help improve the conversation. What is striking is that this would become an issue for a 14-year-old boy. Until HIPAA resolves some of these issues it seems prudent to have all members of a family sign necessary documents and keep them updated. I thought once was enough, but thanks to this article and comments I intend to be more vigilant.
jane gross (new york city)
HOMERUN!!!!!!!!!!!!!!!!!!!!!!!!!! And seems never to get any better. Lately, the paperwork at a doctor's appt is pages upon pages of HIPAA stuff that is all about CYA not caring for your patients.
Mark R (Rockville, MD)
HIPAA is a perfect example of a destructive process we keep repeating:

1. The media identifies some type of behavior that, however rare, is truly outrageous.
2. Politicians, wanting to be recognized as champions of good versus evil seek to ban the behavior. (It is hard to get reelected if you are just a boring prudent manager).
3. In many cases, the ban is written in a way that allows common sense exceptions. But training and mental energy is needed to understand these exceptions, let alone what is actually banned.
4. Lawyers, consultants, and managers all seek to minimize "potential liability" by creating bureaucratic procedures not actually required by the law and banning the common sense exceptions as too subjective.

Does anyone doubt that HIPAA has cost lives? In addition to the dangerous miscommunications discussed in this article and the money wasted trying to comply with the law, there must be a cost to the distraction of doctors away from medicine and of administrators away from better running hospitals. There is no way to provide a good estimate, but surely the death toll from HIPAA must exceed that of domestic terrorism?

There must be a way to punish doctors who totally ignore patient privacy without so damaging all of us. If not, I would prefer letting them get away with it.
woo131 (Pennsylvania)
As a physician I find myself all too often speaking to someone on the phone whose identity I cannot verify who wants all sorts of information I cannot give. Why is it that older people, especially those in a nursing facility, whose relatives are scattered cannot have a list of people to whom information can be given, as well as an appropriate list of medications and allergies. Why can't the patient's simplest wishes be documented before they are rushed to the ER?

As we all should know HIPAA is designed for the convenience of the insurance industry, not the patient, but the law carries sharp teeth.
Nancy
Quite likely there is some paperwork in the patient's chart with phone numbers of contacts. Or there should be. But then the burden is on you to place a call instead of what seems to be the preferred (by the doctor of course) method of family required to be waiting at the bedside for hours in hopes of a conversation with a doctor who makes rounds at random times, usually just before family arrives, and then is no longer available.

So make yourself a bit available. I remember laying in a hospital bed totally zonked out by painkillers at maybe 6 AM being talked at by the doctor, then trying to remember what was said to tell my spouse. And in BIG letters I had written on my paperwork that they should talk to him.
Jill Abbott (Atlanta)
HIPAA, designed to protect homosexuals from employers knowing their HIV status, burdened the rest of the population unnecessarily. It is a law whose time has come and gone and should be rewritten if not repealed in its entirety. Medical records remain available to insurers so what is the point?
Doclouise (Walnut Creek CA)
As a physician I agree that HIPAA often impedes care. We all attend annual trainings with dire warnings about the consequences of violation. It is human nature to err on the side of caution when you might lose your job or face huge fines for a violation. One episode of HIPAAitis sticks in my memory for the frustration it caused. When patients are admitted to hospital from a long term care facility much information is lost both ways in the transfer. In an attempt to improve this a LTC that I worked with assigned a nurse practitioner to go to the hospital when residents were admitted. She would speak with the staff and our patients. She had the time to explain to our resident what their condition was, any plans for testing, etc. She also communicated with relatives. All naturally approved by the residents. The residents all loved it, they got much more complete information when they were in the hospital, and better care when they were discharged. Sadly we eventually abandoned the project as time and time again staff at the hospital refused to talk to the NP citing HIPAA. This would even occur with a patient lying in bed literally pleading with the staff to tell our NP what was going on. I am happy to hear that HIPAA may be modified. It was never meant to impede patient care but unfortunately this has often been the way it has been applied.
as (New York)
In the old days I would do an operation and if the family was not in the waiting room I would have them paged overhead. In the new era they will not do that because someone might figure out that Ms. Smith had a broken hip. The whole thing has become a job creation monster for more layers of bureaucrats and it certainly has made health care more expensive. I don't bother to find the family any more. If they are not in the waiting room I just move on.
Nor Cal Rural (Cobb, California)
"But Hipaa is more common sense than people give it"

Really? I don't think so.
Hell In Patient Anonymous Activity.
MHR (Washington, DC)
HIPAA is an acronym. Health Insurance Portability and Accountability Act. Jesus.
Josh Hill (New London, Conn.)
Let's admit it, HIPAA has been a disaster. Intended originally to serve the laudable purpose of keeping patient information confidential from entities such as employers who shouldn't have access to it, it became a bureaucratic nightmare that involves the repeated signing of meaningless forms (which no one ever actually reads) and constant unnecessary hassles in communication by friends and family members.

Sometimes, its application has been so insanely rigorous that it interferes with medical procedures lest a hacker spy on telemetry. And typically, providers are going to take the approach of self-defense and say nothing even when they know it would do no harm, owing to a fear of heavy fines and other consequences.

It's a perfect example of how *not* to write regulations! The law was well intended, but it should be rewritten on a more reasonable and practical basis.
pwd (NC)
What I don't understand, if HIPAA is being enforced too strictly, how it is that employers have access to women's health information when it comes to reproductive rights like birth control and fertility treatments. Isn't that information also supposed to be private?
Eddix (Seattle, WA)
I agree with you. My employer has to maintain a complicated and expensive system to scan HIPAA related forms and make them available to staff who in turn must constantly check to see if the correct paperwork has been submitted before they can talk to family. This law created big problems to solve a minor one.
Eugene (NYC)
There's nothing wrong with HIPAA. It's just an excuse for bad behavior. It says that staff may not discuss patients in public places or post medical information on the wall or bulletin board.
idahojimrush (Idaho Falls Idaho)
Same experience! When my 12-year-old daughter went to the MD the nurse said, "HIPAA prevents a parent from accompanying the patient into the treatment area!" Our response, "There is no HIPAA shield between a minor child and her parent!"
RB (Detroit)
Two issues for consideration: family relationships can be complicated. A "husband" may be someone separated from the patient for many years without legal divorce, and the new "husband" is hostile to this person's involvement although he has no legal standing. The patient may not be in the position to clarify the relationships, and the responsible response from the staff may be to limit communications pending further clarification.

Another issue is that multiple family members often want to discuss a patient's care during the course of the day. We used to request that family members present during rounds so we could discuss updates at one time; this rarely happened during my recent internal medicine residency. One sibling might come at 2pm, another at 6pm, a niece would call on the phone--all would want a conversation with the nurse and often the physician as well. There is just not enough time for multiple daily family conversations for patients with routine medical issues (exceptions including major decision-making conversations, end-of-life decisions, acute health decline). While I've never used HIPAA as an excuse and usually acquiesced to family's requests, I have certainly heard HIPAA invoked as a way to try to streamline these conversations and actually complete the important clinical work for which we are responsible.
Marina (Southern California)
Why not be honest about the need to streamline because time is not unlimited rather than dishonestly citing HIPAA?
RB (Detroit)
I couldn't agree more. However, some of the experiences addressed by the commenters may reflect that reality.
gmurnane (Phoenix, Arizona)
Very good question. I wonder that myself. I think it's partly due to our training, where we are socialized to present ourselves as superhumanly able to cope with any challenge and so making explanations about lack of time for tasks is a big no-no.

Another factor is the dramatic rise in the number of administrative workers in the healthcare field, as seen in this graph:

http://bilhartzmd.com/?p=1349

Once a system becomes disproportionately controlled by administrators who are not actually involved in the work of the enterprise, there is a tendency for increasingly complicated rules and policies to proliferate, since creating and enforcing rules is what administrators do. The fact that they have the power to discipline healthcare workers for minor infractions even when committed in the course of providing good patient care, has had a dampening effect on our ability to use common sense in our daily clinical practice.
Madeline (Florida)
HIPAA is a good law. If you are a professional, take a class to understand it. Sounds from the comments that it is misunderstood. HIPAA is about privacy. Think it through.
Molly (Midwest)
Reading many of these comments I feel very fortunate. I've never run into healthcare providers hiding behind or misinterpreting HIPAA. When my mother was in ICU, the doctors and nurses would compassionately answer questions of whomever of our large immediate family was present, whether my father was in the room or not. The same when my grandmother had a stroke and was unconscious. He pulled all of her children into a room, including myself as her closest grandchild and responsible for much of her care, to discuss her prognosis and seek a consensus from all of us on the decision of whether or not to withhold life support. In both of these very dire, end of life situations, the staff made the compassionate choice to not invoke HIPAA in order to minister to our distraught family.

Currently, both our physicians and pharmacies, having had us sign HIPAA release forms so my husband and I are able to act for one another in picking up prescriptions from the doctor's office and fill them for one another without issue, and have no problem with us being in the room with one another during an appointment. Neither have ever requested annual updates of these forms.

So there are healthcare providers who fortunately understand there are circumstances that supersede HIPAA in their scope in order to provide accurate and compassionate care for their patients and family.
Marina (Southern California)
I wonder if your being in the midwest makes a difference. Seems like relationships there are often more personal than on the coasts.
n.h (ny)
There is another side to this story which is not present in this article: the abuse, in particular, of low-income people for which HIPAA provides the only veneer of protection against systemic abuse and rounding up of persons into endless cycles of rehabilitation programs on public dollars.
Splunge (East Jabip)
“But Hipaa is more common sense than people give it credit for.”

Ha-ha... thanks for the laugh. Then why does there have to be a federal law? These boards are full of stories showing just how common-sensical it really is.
Amy Raffensperger (Elizabethtown, PA)
Common sense has no place in any federal regulations, especially those that involve health care.
Gillian (Stamford, CT)
This article is important but leaves out one of the thorniest areas when it comes to privacy of medical information: mental health. Here, unique challenges are posed due to the stigma associated with mental disorders and seeking treatment for them, as well as 1. the potential for patients to have limited capacity to advocate in their own best interest and 2. the vulnerability and marginalization of this population.
JH (NYS)
Then the family member rushes home to put the gory details on Facebook.
DW (Philly)
Haha. You are totally right. Still - think about it, what the _family_ does is not really related to what the health care facility or health care professionals do, is it? We really are allowed to go home and talk about it, as much as we like with whomever we like. The nurse and doctor have to exercise discretion, it's their job.
JH (NYS)
I was signing the usual forms at a medical facility in upstate NY. It is an electronic process where the patient signs using a stylus on a small digital signature pad that shows one's signature. Only, in a fit of HIPAA-ness, they had disabled the display so that I could not see my signature. Even if it had been working a bystander would have had to lean way over my shoulder to see my sig. Then said bystander would know what after witnessing my illegible scribble?

No, not a big deal, but indicative of absurd over-application of the law, demonstrating once again that common sense is not common enough.
Peter (Vienna)
As an American living abroad I am really sorry to see the state in which the medical care system in the USA has wound up - the situation for patients dealing with mindless bureaucracy and inscrutable requirements seems straight out of Franz Kafka or Joseph Heller - which is something we don't have here under "socialized medicine"...
Rebecca Pistiner (Houston, Texas)
What happened to "Primum non nocere", "first do no harm"? Is this not THE primary bio-ethical principle? When someone's health is in question are monetary fines, professional consequences and even prison time considerations? I think not.

Health care professionals have chosen their vocation of service. Just like those who risk their well being in military, religious, law enforcement and other sectors of public service some have clearly forgotten that their chosen professional field demands personal sacrifice for the well being of others and does not guarantee safety from danger.... even Hipaa.
DW (Philly)
Come now. You cannot expect doctors and nurses to readily face PRISON TIME for doing their jobs. I don't really think prison time is usually in the cards, but if it were, seriously, the problem is obviously the law itself - it's not that the doctors and nurses are too cowardly to go to prison.
Spencer
You go first.
lynn (nantucket)
My mother who was suffering from cognitive decline and congestive heart failure was hospitalized three times in the last year of her life and her assisted living facility would not inform me because of HIPAA laws. My sister-in-law was her health care proxy and refused to inform me of any health care issues including the determination that my mother should be in hospice. Even the hospice nurses said they could not include me in email updates of my mother's condition due to HIPAA. Her physician would update me only if I called or emailed on a routine basis. After my mother died, it was apparent that my brother and sister-in-law had used funds from my mother's bank accounts to pay all their bills. Using HIPAA as a shield prevented me from knowing anything about my mother's health and protecting her from a situation of undue influence.
human being (USA)
But, in this case, were the providers correct? This article leaves one impression. But there is another side--your mom at one point did designate your sister-in-law as health care proxy and your mom's cognitive decline, presumably, prevented her from requesting that you be kept informed. I wish the NYT would do a lengthy article and analysis on this subject. Paula Spahn's article is very informative but more information is needed about situations like yours.

I am curious though how a more liberal interpretation of HIPAA by the assisted living facility would have aided you in knowing what your brother and sister-in-law were doing in terms of stealing her money. Did they have power of attorney, quite aside from being medical proxy?
CM (Placitas, NM)
Getting medical information to manage my disabled husband's medical care is the bane of my existence and it often seems that providers know what they should do but they don't do it. Recently, when my husband had to go to a new specialist (Dr. #1), we also went to Dr. #1's medical records office and asked what they needed to release records to me. They gave us a form stating that it could be effective up to one year. My husband signed it, allowing one year's worth of access and checked the box that I would be able to obtain "All Medical Records." Dr. #1 referred us to another new specialist (Dr. #2). The next week, when we went there, Dr. #2 wanted the actual X-rays (not just the report) that Dr. #1 had taken. Dr. #2's office called Dr. #1's medical records office to tell them I would be over on my lunch hour to pick up the X-Rays and deliver them to Dr. #2. When I arrived to pick up the X-rays, Dr. #1's office would not release them to me. They told me that "All Medical Records" did not include "Images" and besides which, they needed a new form signed each time despite the form stating that it was good for one year. Meanwhile, Dr. #1's office distributes a pamphlet stating exactly what this NY Times article says is the law--that a provider has some discretion. It is hard enough being someone's caregiver without physician's offices making it harder than it needs to be by withholding needed records to provide appropriate patient care.
clarknbc2 (Sedona)
From what I remember, when this bill was signed into law, it was because a lot of people with certain diseases were trying to keep it secret due to the fact that the insurance companies would deny you medical coverage if they knew you had certain diseases. Clinton "took care of this problem", but inadvertently made a huge mistake by making it a law that the health care providers use to just tell you "go away and leave me alone" bill. Now you cannot be denied medical insurance due to a "pre-existing" condition. So the law is outdated and in need of a huge overhaul.
Molly (Midwest)
That would not have been the reason as, within the law, insurers are entitled to all of their health information in order to process the claim for their care.
Molly (Midwest)
Actually, one of the main aspects of the law was requiring insurers to accept a new insured with a pre-existing condition as long as they had a certificate proving continual coverage from a previous insurer without lapse, I believe for the previous 18 months, IIRC.
lenny-t (vermont)
Apparently HIPAA is often used as an excuse by medical staff when they don’t want to go to the trouble of supplying medical information even to a close relative. Case in point: my very elderly mother was taken from a hospital to a rehab center. After two examinations by staff physicians, I could not get ANY information about her condition or prognosis “because of Hipaa”… even though I had power of attorney and was her only living relative! It took a telephone call from my own personal lawyer to their director to get them to grudgingly give me the information. I hope Representative Matsui’s legislation to clarify HHS regulations is successful.
Steve Crisp (Raleigh, NC)
Any medical provider can share any medical information about me with anyone who may ask.

There, that takes care of idiotic HIPAA regulations.
jim (boston)
Well, isn't that nice for you, but it doesn't do much for the person who lives in a small community and suffers from an illness with some stigma attached to it. It doesn't do much for the person who may face job or housing discrimination because of a medical condition. It doesn't do much for the person who simply wishes to maintain a little privacy. There are many valid reasons for people to want their medical information handled with appropriate discretion. It's a shame that some people can't see past their own needs and have a little understanding for the concerns of others.
B (New Haven, CT)
My thoughts as a healthcare worker:

- Hipaa should not be used as an excuse to not do your job.
- God help you if you share information with a friend or family member in a situation similar to the first example given in the article and the patient is not happy about it. Hospital management will take the patient's side every time and will not help you out.
JTS (Ocean Springs MS)
As a practicing physician in a large hospital, I aver that everything in this timely article is quite true. The 'HIPAA apologists' in the comments section are babbling about it "all coming down to liability" and sadly shaking their heads. It's NOT the liability, it's the PERCEIVED liability concocted by Hospital Legal Departments, fabricated by in-house lawyers trying to minimize their performance risk (not actual risk) in alliance with complicit moronic minions who troll the administrative hallways of every hospital. HIPAA basically only says that health care facilities should make reasonable efforts (note "reasonable") to safeguard patient privacy and identity information. That's about it.

But the article does not mention a huge additional force driving HIPAA abuse -- empire building. HIPAA has spawned a huge cottage industry in American hospitals that employs scores of overpaid administrative workers who basically do nothing but make health care more expensive, inconvenient, difficult to administer, and yes, more painful for patients and families. And if my tone seems overly sardonic, it's because of the visceral reflexive disgust that comes from the union of an avoidable growing injustice that is accompanied by institutional stupidity and sanctimony, in equal measures.
mls (ny)
A dentist's staff member invoked HIPAA when telling me that I could not make an emergency appointment for my friend who could not speak on the phone because she was in severe dental pain. The HIPAA-related idiocy of people who work in health care is nothing short of astounding, and explaining the relevant portion of the law does nothing to ameliorate their ignorance. Nonetheless, this Times article would have been improved by the addition of a clear and concise presentation of the privacy portion of HIPAA.
Marina (Southern California)
I do not understand all the complaints about what this article "should have included," such as "[n]onetheless, this Times article would have been improved by the addition of a clear and concise presentation of the privacy portion of HIPAA." The article raises the issue and very well, based on the large # of comments. Interested persons can then use a search engine (or click on links in other comments) to find all sorts of additional information.
Mr. Robin P Little (Conway, SC)

This is the reverse of the usual leftist health-information nonsense spread in what is easily the shoddiest section of the NY Times. Here, the Federal government, with its HIPAA regulations, is being portrayed as the Big Brother bad guy, and everybody has their own horror story to tell us. Poor Grandma almost died....

Keep in mind, folks, that the over-zealous spread of your and your relatives' personal health information, your doctors' visits, your medications, and your list of hospitalizations would be much more damaging to you socially than lack of information would be during medical emergencies. Wear a medical bracelet if it is that important.

Google, and other tech companies, are salivating at the mouth to get a hold of aggregated personal health data, but before it gets aggregated, I.E., supposedly stripped of its personally identifiable data bits, it is about your life and its medical ills. You can, and will, be denied jobs and insurance coverage if this information becomes public knowledge on the World Wide Web, called that because pretty much anybody can access information on it, often times even when that data is supposed to be off-limits to them.

I'm for less free access to my personal health data. Don't put my stuff online, thank you very much. What HIPAA is doing here isn't the enemy.
hey nineteen (chicago)
Hippa -- Hypothetical Information on my Patient Asked & Answered
esp (Illinois)
two thoughts.
I was in the emergency room recently. There were "stalls" on both sides of me. The only barrier between these stalls was a curtain. Patients were asked for their names, birth dates, home address, phone numbers, social security numbers, their allergies, the health problems, and other highly sensitive information and then their current condition was discussed at length by the health care provider. I heard all this information that is supposed to be protected by hipaa. When I complained about this I was told hipaa did not apply when it would cost a lot of money to provide adequate barriers. Interesting.
My mother was in the hospital once. All her relatives lived in distant states. When we called we were given NO information. At one point we were told her husband was with her. When we told them that her husband must have come down from heaven, and that the man with her was a neighbor who had early symptoms of Alzheimer's, they were still unimpressed and would give us NO information. I even asked to speak to the supervisor. No help. Disgusting.
Katherine Cagle (Winston-Salem, NC)
I think most people could tell of ridiculous uses of Hipaa regulations. My mother was in a nursing home for rehab. She was hospitalized and when she returned to the nursing home they refused to tell her whether her former roommate was still in the home. We found out when a staff member told us, swearing us to secrecy. When I was having physical therapy the facility told me that if I transferred to another of their facilities I couldn't transfer back because the transfer of my records might violate Hipaa. I thought then, and I know now that Hipaa didn't have anything to do with it. They just didn't want to transfer records because it was too much trouble. Another time, I called my daughter's doctor to tell them something important about her health status but they wouldn't listen because of Hipaa. I think they should have listened and then disregarded what I said if they thought it wasn't applicable. Yes, Hipaa is used in far too many instances just to make it easier for the provider.
Flabbergasted (Europe)
This is a serious issue: "Another common complaint about Hipaa enforcement, by the way, is the lack of access to patients’ own health records, which they have a right to see or copy, though providers can charge copying fees."

I have found it very difficult and sometimes economically impossible to obtain my medical records. Not only should medical records be considered the PROPERTY of the patient, not the doctor or hospital, but if fees are to be charged they should be affordable. A penny a page perhaps? The healthcare facility already charged huge fees for treatment. It is an administrative task, which is among many that support staff have to do anyway. Offices should also have to comply within 24 hours of a request...this is reasonable. Often a patient needs such records immediately for health reasons.
I am in the habit of getting my labs and doctor's notes at the end of every visit. To wit, I have a 30 year record of files...burdensome, yet useful.
Mark (Albuquerque, NM)
HIPAA carries a very big stick in the form of huge financial penalties for violations (as high as $50,000 per incident). Most healthcare companies lack interest in parsing the law carefully or in litigating a violation in court. It's hard to blame them. The privacy rules in HIPAA are confusing and they need to be re-written.
Hapticz (06357 CT)
and what happens when someone does divulge 'privy info' ? some ambulance chasing style lawyer surfaces from the ooze and begins the process of catalyzing the misinformation, breach of trust (now a contract) and assisting in the fear mongering. (for a minimal fee of course). why has this entire issue even become existent? one very simple answer, MONEY. as soon as insurance companies found a way to manipulate personal data into their policy as a condition/clause of some value, 'privacy' became just another profit incentive for them, and another squeeze to put on lawmakers to implement for their advantage. common sense? GONE from america and the 'most caring corporate structures' of the modern world.
Whippy Burgeonesque (Cremona)
Are employers bound by Hipaa? I once worked for a company where the young son of a colleague, who worked in a different location, had gotten in an accident and suffered a bad leg injury. When the mother's name came up in casual conversation at work, because it was widely known she had taken time off to be with him, I asked how her son was doing and was immediately told by a C-level exec, "We can't tell you, because of Hipaa." I suspected he was just trying to be unhelpful (he was that kind of person) and there was no reason he couldn't at least have said in vague terms how the kid was doing.
Molly (Midwest)
Yes, employers are bound by HIPAA regulations to protect the health information of their employees, but the person who refused to share only general information, without disclosing specifics, was in the wrong.
Gwbear (Florida)
Bureaucracy, laziness, inefficiency, and ineptitude... all well known and often manifested maladies of the medical profession. It seems that even the "experts" often don't have a clue, or even when they do, still do not hesitate to misuse the law to their own convenience. I have seen similar things in many of my dealings with medical personnel.

Sadly, I think much of this comes from inertia and fear. Even when the law is being used correctly, lack of understanding of the same by all involved, sometimes drives a "lowest common denominator" of understanding, so that there won't be hassles and lawsuits...
Anne-Marie Hislop (Chicago)
As a pastor, though I heard worries about Hipaa early on, I had little trouble. I have been able to call hospitals and/or rehab facilities to check on patients who are church members; when I have gone to see them pre-op in most places I have simply identified myself as their pastor and been ushered into the pre-op cubicle (I don't generally wear a clergy collar).

The one thing that did change was that hospitals stopped notifying churches when members were admitted. It used to be the usual thing for a hospital to call the church (members having given their church affiliation during admission), but that stopped with Hipaa (though it seems that the law does not require that it stop - still, one less task for the hospital).
M.L. Chadwick (Maine)
Our younger daughter had a psychotic break at age 19. My husband and I were already her legal guardians. Her psychotherapist had the guardianship papers, yet refused even to listen to me on the phone and told me she deleted my phone messages without listening to them due to HIPAA.

She was a MA-level counselor. I'm a (now-retired) doctoral-level psychologist. I told her HIPAA 1) prohibits sharing, not receiving info and 2) legal guardians are exempt. She insisted I was wrong. The therapist was fairly good otherwise, so we kept her.

But about 6 weeks later she dropped my daughter flat. In a family meeting, she explained that my daughter would agree to do things, then not follow through, and often missed appointments. I was FINALLY able to explain the genetic disorder that causes her expressive verbal skills to be far better than any other skills, giving the false impression that she understands what she hears and will remember what she's told to do.
di (california)
I once had a nurse tell me I myself was not allowed to discuss my own health questions with her in the hallway due to HIPAA.
Molly (Midwest)
di, it probably was not that you were not permitted to discuss them in that hallway with many other passers by present, but *she* who was not permitted to discuss them with you without concerns for your privacy. The proper thing would have been for her to pull you into a more private setting to answer your questions.
Andrew Phillips (California)
It unfortunately comes back to liability. I'm a physician, and I understand the law, but we are instructed at all 3 facilities where I work to be overly conservative with HIPAA. For example, I have to get the patient's permission to obtain records from another facility just so I can care for the patient at my facility. To the letter of the law, this is unnecessary because the information is for "continuity of care," but the risk management attorneys for the hospital understandably want a signed document to be extra cautious. Similarly, while the law may be phrased such that we cannot share information with family unless the patient specifies otherwise, the hospitals instead won't share information until the patient specifically says it is OK to protect from a patient later saying, "well I didn't want you to share information, but you never asked so you didn't know."
It's (generally) not the patients; it's (generally) not risk management; it's (generally) not hospital employees trying to avoid family conversations; it's (generally) the plaintiff attorneys (shocker), once again, creating an atmosphere of legal fear in healthcare.
gmurnane (Phoenix, Arizona)
On the other hand, after reading many of these comments, I do want to say that there is a somewhat concerning trend these days for families to feel that each individual member of the family deserves to have a personal conversation with the physician in order to be directly filled in on what's going on with the patient.

In general, medical workers tend to feel that if a spouse, or parent, or significant other, has been communicated with, that other family members should expect to get most of their information from that family member, rather than have their own personal conversation with the treating physician.

When I was a resident, it was a rare occurrence for a second family member to call and request to speak with the physician, and when they did so, they were apologetic and appeared to recognize that they were asking for a favor.

These days, it is not at all uncommon for multiple members of a patient's family to call requesting a personal update. Although it is not appropriate for HIPAA to be invoked in order to evade these calls, family members should remember that there are only so many hours in the day, and that these days providers are being asked to care for more and more patients in the same amount of time. Every ten minute phone call made to an extra family member is ten minutes that we then are not able to spend on a more high-value task that would more directly benefit your child's or parent's care.
Larry Shoemaker (San Jose, CA)
Ignorance or misunderstanding is corrected by a strong educational process. However, government is long on legislation, short on education. HIPAA has become another bogeyman backed by the threats of Compliance Officers. The threat of fines and imprisonment is enough to scare anyone into silence. Whenever we are uncertain of the truth, paranoid prudence is the common course.
human being (USA)
How is the government responsible for faulty education? It is the fault of whoever prepares the training.
Mr. Blue (NYC)
When my son was four years old I asked the office manager for my son's pediatrician for a copy of his medical records. I said I was willing to pay a fee to copy the records. The office manager refused, saying HIPAA regulations forbid it, as it violated the pediatrician's privacy!
Meliza (Baltimore, MD)
When I tried to get an annual pharmacy print out of my underage son's prescriptions, prescriptions I had picked up and paid for, and for which I am the insurance holder, I was told I couldn't get one because of HIPAA. They stuck to their story even when I brought a copy of the regulation showing that HIPAA didn't apply in this circumstance.
Mary Hilton (Norway ME)
As the guardian, you have every right to have his records. Under 18 parents do have the right to see them.
Amy Raffensperger (Elizabethtown, PA)
I would add that the caregivers are bound by their institution's privacy policy, which is based on their administrators' understanding of HIPAA, and common sense may have very little to do with it.
DW (Philly)
Yes. Thank you for this, Paula. I've written here before about the experiences of my mother, who is presently in a nursing home. Several of her roommates have died, and the way she learns of their death is when she asks where her roommate has gone, and in reply they give her a sympathetic look, and ask her if she'd like to speak to a counselor. That's code for "She died." They won't even tell her her roommate DIED.

The whole problem is related to the despicable treatment of the employees on the lowest rung of the health care ladder - CNA's, LPNs, food service and housekeeping staff. These people are in fear of being "written up" for the smallest violations, and HIPAA is held over their heads this way.
Molly (Midwest)
Having worked in a retirement facility/nursing home, and having been HIPAA trained by our very wise and compassionate compliance officer at the facility, this makes me very sad to hear. We never withheld this kind of information from our very close, tight knit community because we were not required to.

Even if someone was merely in the hospital, we were permitted to inform their friends in the community who inquired that they were in hospital or a rehabilitation facility, what their general condition was, in terms of good, fair, or critical condition, where they were located and whether they were able to or should/should not receive visits from their friends. The only thing we were required to withhold were the exact details of their diagnosis, treatment and prognosis.
jackierockn2 (Calif)
While searching census records, found my Uncle William's name in St Elizabeth Mental Hospital in DC. HIPAA was preventing them from giving me information, I told medical records it was genealogy only. He sadly was turned over for medical research for one year after death. I feel they dropped the ball and did not search for any family members (he did not remember them although his mother and sister, my mother visited him), my aunt would never have approved!!! HIPAA in this case allowed them to cover up what was done to him while in care since 1938. There needs to be more communication with families.
Alexa Riley (Ho-Ho-Kus)
What is HIPAA? HIPAA is the law that ensures patients’ rights of privacy to their medical information. Just recently, HIPAA’s use as a code of silence misinterprets the law. It is supposed to be a law that prevents your medical information from being shared such as cancer. Instead, people are taking it too seriously and are keeping whereabouts a secret. Knowing where someone is at the time should not be information that is kept secret. This is an important issue because when doctors don’t take helpful medical information, situations can turn from not so bad to terrible.

When doctors don’t take the medical history of their patients, it might only make the situation worse. For example, if a patient is allergic to certain medications, doctors won’t take that into precaution because they have no recollection of their patients’ concerns. Because of this, doctors do the unexpected. May writes, “By the time Ms. Gray found a nurse willing to listen, hours later, her mother had already been prescribed a drug she was allergic to.” This quote demonstrates that when important medical information is hidden from doctors, it can only make the situation worse. This week in the New York Times, the article, HIPAA's Use as Code of Silence Often Misinterprets the Law, interested me the most because life changing medical information is not being taken into consideration. It is so frustrating. Why keep something a secret when it can improve the lives of others?
orthodoc (Seattle, WA)
"....the civil rights office “is not in the gotcha game,” he said."

Wow. Mr. Mikel's faith in the benevolence of the Federal Government is touching.

The "gotcha game" is what they do. And faced with the possibility of ruinous prosecution, would any sane person take a chance?
Jonathan (NYC)
Today's other articles are not exactly encouraging:

http://www.nytimes.com/2015/07/19/business/a-tiny-banks-surreal-trip-thr...

Read it and weep....
ATL (Ringoes, NJ)
I think HIPAA was sponsored by the paper industry. We have to sign the same old piece of paper year after year.
Benja (Cutchogue, LI NY)
1st of all Hipaa stands for Health Insurance Portability and Accountability Act. Hipaa serves purposes of protecting privacy, providing security and permitting information exchange. While Hipaa is unique, it is not unusual in that it relies on command and control and is obviously deficient in clear and complete statement of legislative intent. Reading the law is frustrating. The FAQs are easier to understand, but they are not well annotated. Clarification of Hipaa will be futile. It should be replaced and then repealed. Laws are only as good as they are understood. On a lighter note personal experience informs me that personal relationships are in the beginning and in the end what it is all about. Do patients have rights to lie to their doctors? When a patient lies does their doctor have a right or duty to learn the truth?
Dantes (USA)
Hospitals have also been known to weaponize HIPAA by reporting doctors for violating HIPAA in sham peer review actions. This is done to intimidate or harass doctors who may be whistleblowers or perceived economic competitors to the hospital. This happened to me in 2007 and it was not cleared up until 2010, when the hospital finally dropped the complaint, and after I spent several thousand dollars on legal fees defending myself.
Wrytermom (Houston)
When I had my appendix removed in 1975, my hospitalization was published in the local newspaper. I was mortified -- they had announced to the world that I had been seen naked by the surgical team! Not all of Hipaa is bad.
human being (USA)
Absolutely. People ignore the good aspects of HIPAA. There are far worse diagnoses than appendicitis that should not be publicly shared and for which patients could be penalized--for example mental disorders and treatments for substance abuse.
Ferguson (Princeton)
My father has dementia and my mother who took care of him died. I placed him in a wonderful memory care unit. The town where she taught switched insurance for retirees. He received letters from the new prescription drug plan threatening him with non-coverage unless he used an in network pharmacy. I telephoned the new plan to ask if the supplier for his facility was in their network. I was told that HIPAA prevented them from telling me. I asked to speak to a supervisor who told me the same story. I told them I could tell them exactly what drugs my father was taking; that wasn't the issue. I wanted to know if the pharmacy supplying his facility was in network or not. Finally I called the pharmacy and they were perfectly happy to tell me.
Janis (Ridgewood, NJ)
You can thank Bill Clinton for Hipaa. Actually why doesn't everyone write their complaints in a letter to him.
Adam Orden (Barcelona, Spain)
Much of the responsibility for the hyperbolic response to HIPAA by health care providers comes from their own professional organization; both national and local. Providers are told of monetary punitive damages that might result from "non-compliance", instructed to have all patients sign HIPAA release forms, and told not to release protected information to colleagues. All of this nonsense is constantly repeated by professional publications, so-called experts, and courses given at professional meetings. As you correctly point out in the article, even a cursory reading of the regulations shows that much of what is practiced and believed to be true is utter nonsense.
newhill (Pittsburgh PA)
These kinds of situations happened way before HIPAA, except the argument then was "confidentiality protection". I sat in a room with my autistic older brother and his therapist. My brother had signed a waiver of confidentiality so that I could speak to his therapist. She refused. My brother said directly to her "please speak to my sister and tell her what I need - she is my only living relative" and the therapist still refused to talk to me. I am a social worker and such refusals are bogus - many health care providers simply do not want to talk to families and deal with the legitimate questions family members may ask. Such refusals protect the provider from challenging situations, not the patient.
Margarita (Texas)
My mother and I were once barred from my father's physical therapy sessions because the hospital facility said that it would be a violation of the other patients' privacy under HIPAA. I asked for a copy of the HIPAA rules, read them twice and when I found no evidence that attending my father's physical therapy sessions (especially since he had trouble communicating his needs) was in violation of anyone's privacy under HIPAA, I essentially told them that they couldn't keep us away. The executive director of the facility gave me a few more lame attempts to keep us out, but capitulated in the end. I wonder that she or any of her staff had even read the HIPAA rules themselves.
DM (Brooklyn)
1) Ms. Span: This helpful article would be of greater practical use if it gave us something authoritative which we could cite when we run into one of the situations described (i.e., information withheld due to misunderstanding the HIPAA law).

Ms. Span, a follow-up suggesting what to do would be of great help.

2) A close relative has a rare and complex medical condition affecting multiple organ systems. When he turned 18, he asked all his providers (spread among pretty much every teaching hospital in Boston) for a form to sign authorizing his parents to continue to discuss his care. He reports that no institution had such a form, or even a reliable way to record the authorization.

3) A family friend called me, distraught. His wife, to whom he had been married 50+ years, was in an early stage of dementia where she fearfully imagined that people were breaking into her home, stealing her buttons, and replacing them with identical ones. She finally agreed to see her doctor, but since she was convinced that she perceived things correctly, she saw no need to explicitly agree to share the results with her husband. So, although he was the only person standing between her and her terrors, and although he faithfully tried to care for her, he could not learn her medical status.

Sometimes I think this law means that everyone can learn my medical info--NSA, a myriad of junior insurance clerks, hackers galore--except those who love and care for me.
Al Rodbell (California)
Yes, that's the reality. Hackers and low life fear based "businesses" don't ask permission. Very sad state of affairs.

I'm on the cusp of being old old, and dread it more than can be expressed.
S.L. (Briarcliff Manor, NY)
This whole thing is a farce. Hipaa privacy laws are never followed in doctor's offices, hospitals or drug stores. I overhear private medical information just sitting in the waiting room while the receptionist asks for personal information. Hospitals routinely hold "private" discussions with patients behind a flimsy curtain in a room with several patients or at the nurses' station. Drug stores think that three feet of space is enough to prevent other customers from hearing personal medical information. Even calling a person's name is a violation of privacy.
The health care professionals are simply hiding behind Hipaa because they don't want to answer any questions. But the letter or even the spirit of the law is never followed. Just casually walking down a corridor in any health care facility, one is bombarded by what should be privileged information. This needs to stop. I once went into a doctor's office to tell them the outside door to their records room is open and anyone could walk in. They were hot, so they left the door open.

BTW- Clergy are affected by the Hipaa rules in that they can no longer violate patients' privacy by going through charts to see which patients they would like to visit. Maybe the clergy should examine whether their congregants would prefer not to be mentioned in the bulletin for privacy's sake and not Hipaa rules.
gmurnane (Phoenix, Arizona)
As a physician whose work is highly dependent on collateral information being shared between family members and other providers I agree that this is a huge problem, and that HIPAA is frequently used as an excuse for providers to not take the time to coordinate care.

I have started routinely counseling families that there is nothing at all in HIPAA that would prevent a physician or their office staff from receiving information from family members regarding concerns that they may have about the patient's health including worsening symptoms, misuse of prescribed medications, suicidal statements, etc.

We are all suffering from information overload but that is no excuse for not taking the time to provide others, or allow others to provide us, with important information that will allow our patients to be treated safely.
human being (USA)
Yes! But try to get some providers and staff to understand this. I have told providers for my parents, when they were alive, that nothing in HIPAA prevented them from listening to me and getting the information I could supply. I had to reassure them I would not ask them anything (-: and, even then, some insisted that listening to me violated HIPAA.
Me (Los alamos)
I noticed a huge bill in my insurance records for a routine doctor visit. I inquired with the insurance company and was told that my OWN medical bill was a confidential statement between my doctor and the insurance company and they couldn't share it with me due to hipaa. The insurance company doesn't care they are being defrauded?
barbL (Los Angeles)
All along I thought it was me being unreasonable and wanting healthcare office workers to act illegally. I've tried to find out the status of my son's health insurance to be sure we had paid it properly, and was told that no one could tell me "because of HIPAA", although he had asked me to do this. He could have lost his coverage.
I can't find out if my husband's prescriptions are ready for me to pick up as he thinks I'm going to, "because of HIPAA". I work at home with a completely flexible schedule which I use to help our family, and HIPAA is a constant obstruction. It often seems that HIPAA is a blessing to those with boring jobs which become stressful when they have to deal with patients' families. They can say "HIPAA" all day and avoid researching issues, tracing errors, or helping at all.
I would dearly love to see this wretched law die.
human being (USA)
IT IS not the law generally that is at fault. It is the nutty interpretation and implementation of the law.
He Loved Big Brother (Glenmoore, PA)
Speaking as someone who has worked in a health care environment, HIPAA is complicated and generally boiled down to the following:

If someone is 18 or over, and the individual asking the question does not have power of attorney, then you refuse them all information on the patient.

That's basically HIPAA. Even if someone does have a condition that makes them unsuitable for control of their medical situation, without power of attorney over them they are still legally competent and legally required to do so. Even if someone says someone else can receive their info, just a verbal notification isn't going to satisfy anyone for anything more than one occasion. Enforcing HIPAA means that this is where the ugliness sets in. It's a law, not an ethical guideline, and it's enforced by bureaucrats and auditors hired by the company you work for, not the patients.
Jsferra (Ohio)
Your post demonstrates the depth of the problem. Unfortunately your understanding of the law is flawed. I am a physician and a bureaucrat (hospital administrator) and have been on the receiving end of this when a family member was in an out of town emergency department with chest pain. The nurse told me that she could not give me any information citing HIPAA even though my family member and I had already talked on the phone and he wanted me to get the information. I insisted that the nurse get her supervisor and eventually got the info. I would have taken it to the top and asked them to call the hospital attorney if they persisted in their refusal.
DW (Philly)
"If someone is 18 or over, and the individual asking the question does not have power of attorney, then you refuse them all information on the patient."

Um ... unless the patient SAYS you can give them the information.
Marina (Southern California)
It may be a law but it clearly is often misunderstood and misapplied - (see other comments)
vets citing it re: privacy for dogs? cats?
Government officials working in non-health-related offices citing it as a general privacy law? Heaven help us.
Janet (Jersey City, NJ)
Oh gosh..these comments are giving me agita. My husband started to twitch often in his sleep--he was totally unaware of and unconcerned about this new behavior. Very worried, I videotaped it to show his doctor. I wrote a note to the doctor about my concerns and emailed him the video file just before my husband's check up. The office called--the doctor would not read the note or view the file due to HIPAA concerns. What? He won't receive what might be extremely important health information? What an idiot. My husband needed to give him permission first, which he did. He still refused to act on it or examine him fully, because my husband has 'no pain' associated with it. OMG..I have begged my husband to change providers. But I think the doctor is still upset over the way he received the information.
Lori (New York)
HIPAA does not relate to people giving info TO the providers, it relates to providers giving info out. Call them back, they are wrong and yes change providers if you can. The MD seems more concerned about stupid (and incorrect) rules than he cares about his pts. This is NOT good medical practice as you describe it.
krose (Brookhaven, PA)
This is timely, as I had just heard a news report on KYW where they were alerting parents of college students to be sure they got permission from their children to receive medical information, because if a child is over 18 HIPAA laws prevent providers from sharing information with parents. I knew this was wrong, but can't help thinking how many people fall for that when a provider wants to be uncooperative. Temple hospital staff "played the HIPAA card" when they thought it was none of my business what medications they were giving my father--he had no idea; we had no idea. I had to prove to them that they were abusing the spirit of HIPAA and insisted they cooperate. Turned out they were giving an antipsychotic medication "off label" to him just to make their lives easier--he was recuperating from lung surgery.
jrak (New York, N.Y.)
I was assisting an elderly person who was disabled and going through the process of obtaining Medicaid so that she might be cared for at home by a home health aide. Even though time was of the essence in her application and her physician had clearly documented the extent of her disability in her medical records, that information could not be released without a signed HIPAA release. Unfortunately, she was too disabled to sign the release. There is something really absurd about this. The system is adamant about protecting a person's privacy, even if it means putting them in harm's way.
Norton (Whoville)
A few years back, I actually had to get a state representative to help me obtain my own test results. The doc office would not tell me over the phone what the results were. They would not even tell me how important it was to come in (finally found out results were abnormal). Just kept me guessing. They called me first, btw. I insisted they tell me, but they told me I would have to come into the office personally before they could release said results. I told them this was outrageous because I would have had to arrange a ride just to get there - not easy for me at that time. I asked why they could not give the results over the phone - why did they even call me? I could be the wrong party, they said. They could not send me the results in the mail, either, even though I confirmed the address they had on file. The results could get lost in the mail, they said or delivered to the wrong person. Prior to that, at a previous appointment, I found out (by reading my chart upside down while at the reception desk) that they had lied about receiving an important document (ironically one that would have given me certification to get individual rides to my medical appointments.) I finally figured out they just wanted to collect another co-pay from me.

I understand medical privacy is extremely important, but I really do believe that 99% of the time, HIPAA is used in ways that have nothing to do with helping the patient.
human being (USA)
Yes, they wanted money...
JMAN (BETHESDA, MD)
HHS and the DOJ have terrorized medical providers with threats of heavy fines and sanctions for minor or accidental disclosure of medical information. There are in fact very few incidences of individuals using medical information against other individuals or providers maliciously revealing private information.
The federal government and medical insurance companies have legal access to all medical information regarding patients.
The self proclaimed "affordable" care act mandates putting all medical information in the cloud. Both the government and the insurance companies have had multiple documented breaches of on line medical information with no consequences. All it takes is one disgruntled federal or contractor worker to upload all medical information to a publicly available web site. They will not have to hack as they will already have legitimate access.
The parties that really want to use this information are employers (so they can discriminate against the sick) and advertisers. The insurance companies are allowed to share information with each other now- there is no visible firewall between their medical and life divisions. For a price big business will be able to access this information as well.
Madeline Conant (Midwest)
Another very good reason to get insurance companies out of our health system, and to decouple it all from employment. Medicare for all.
human being (USA)
But, what does the government have to do with this problem? This type of thing actually begs for regulation. Employers should not get private health information. Providers do not have to store information in the cloud, though. That is not required for EMRs.
JMAN (BETHESDA, MD)
Part of the requirements of the Affordable Care act for "meaningful use" is that all records be available to the government electronically- the information is transmitted to government servers for access. These records are available to the government and eventually to other authorized persons- providers, insurance companies that are medicare intermediaries and eventually pharmacies and medical laboratories. Any authorized user can access any patient information on the system without the patient's permission. The information is supposed to be used for legitimate clinical need- but eventually thousands of people will be authorized to look. The medical information is not better encrypted than any other government data base. The real threat is not a rogue individual but rather data mining for nefarious purposes by the government, big business and insurance companies- they already have access.
virginia (providence ri)
I am a pastor; when HIPAA was 1st introduced, our local hospital informed all the clergy that we could no longer announce hospitalized members in the weekly bulletin or share info the parishioner gave us. Some of us capitulated, as it seemed the hospital might bar us from visiting. Others basically said, "we're not health care workers, and we don't work for the hospital," and kept on doing what we'd been doing... releasing info when our parishioners said it was ok, and keeping our mouths shut when things were no one's business. It's not the only time a hospital has tried to tell me that HIPAA prevented me from doing/telling; I conclude that it's a common misconception among health care administrators.
human being (USA)
HIPAA applies to health care providers. But sometimes they or their staff might misunderstand or have had poor training about HIPAA and make all sorts of claims.
Lori (New York)
NYTimes: I would like to know how frequently HIPAA violations (or even "violations") are prosecuted? What cases have gone to court? What was the outcome?
He Loved Big Brother (Glenmoore, PA)
Ms. Lori,

It's less about how frequently these violations (real or perceived) are prosecuted by law but rather how these rules are interpreted, written, and enforced at the lowest level. It's possible and often easy to do something that violates workplace policy but is OK with HIPAA.
Someone (Northeast)
In these days with electronic medical records that anyone even remotely involved in someone's care can open (and the patient doesn't even know who's been looking at his/her records), not to mention hackers, and health care professionals regularly talking to their spouses about patients and also discussing them (gossiping) with people at work, and with file clerks in insurance companies able to access anything they want, this whole privacy thing about medical records seems like a joke anyway.
Steve (Maine)
I think calling it an "all-purpose excuse" when caregivers invoke HIPAA is misleading. It's much more likely that they're trying to avoid a lawsuit than that they're looking for an "excuse" to avoid talking to you. Yes, this story gives examples that would not have been HIPAA violations, but your average caregiver is not a lawyer and would much rather be safe than sorry. I find that a perfectly reasonable strategy in this lawsuit-happy society.
Marina (Southern California)
I do not find it reasonable to be "safe rather than sorry" when it involves keeping information from family whose involvement in care these days is usually vital one way or the other.
Judith Henry (Tampa FL)
Not only would my father's physician not speak to me over the phone even after I said the HIPAA form was in his file, but the hospital staff had me come up with a code word to use whenever I called in to check on his condition. The reason being to insure that I was who I claimed to be - my father's designated health care surrogate. Seriously, thieves are more interested in stealing our credit card numbers off the internet than impersonating a concerned son or daughter.
BSK1533 (Chicago)
The only thing that surprises me about your statement Judith is that it was Tampa. Thirty miles south of Tampa on I-75 is a lovely little place I like to call Venice where the ED staff refused to listen to me as I begged them to NOT treat my 87 year old Alzheimer's ridden practically vegetative DNR father. They said they couldn't even talk to me because of Hipaa....I had just landed in Chicago after leaving him. The POA was on the chart. To me it's just laziness among hospital staff. PS. I'm a nurse.
Judi F (Lexington)
As a clinical ethicist in an acute care hospital and a health care proxy for my parents, I have argued for the change in the response of health care providers to the current HIPAA regulations. If a worried family member calls and a nurse is not sure whether or not to give information, you don't need to give medical details. Just a kind word explaining that the patient is doing fine or he/she is comfortable is all you need to say. Or ask the patient what information he/she would like the staff to give concerned callers.
DW (Philly)
This is a good point - perhaps sometimes just better training of staff is needed. HIPAA is supposed to prevent details from getting out about exactly what condition someone has or what medications they're taking or procedures they're undergoing. Nothing really bars the staff from simply responding in a human fashion such as "He's feeling better" or "He's resting comfortably" or "He had a bad night" - simple common sense and human decency suggests this is fine and doesn't give away medically privileged information. That's not the same thing as divulging the diagnosis or the treatment regimen. For god's sake if they're calling to inquire they already know the person is sick ...
JenD (NJ)
"Intended to keep personal health information private, the law does not prohibit health care providers from sharing information with family, friends or caregivers unless the patient specifically objects." Sorry, this is incorrect. I cannot share information about my patients with just any person who happens to ask for that information. Why would it be OK for a "friend" to get private health information, just by asking for it? Our patients sign forms designating exactly who we are able to discuss their personal health information with. Beyond that, patients do not need to specifically object to anyone. Not on the list of OK people = Not going to get information about the patient without the patient saying it is OK for us to give it to that person.
Paula Span (NJ)
Your office or facility may require that written list, JenD -- many do. But the HIPAA rules themselves allow a patient to give *verbal* consent. And if you, in your "professional judgment," deem disclosure to a friend or family member who's involved in a patient's care to be in the patient's best interest, you can share pertinent information.

You may choose not to exercise that discretion (or your employer may direct you not to), but the rule gives you that discretion as long as you gave the patient a reasonable opportunity to object.
krose (Brookhaven, PA)
That leaves the burden of assuring that your office has up-to-date information about patient's preferences. What is your office doing to assure that patients keep that information current? That is, what if my mother had my father listed in your records and my father died. My mother gets sick and is not able to express her wishes--do you not speak to anyone in her family?
Letitia Jeavons (Pennsylvania)
My mother is the legal guardian for my grandfather with dementia. I sure hope hospitals and his nursing home are allowed to talk to her under HIPAA. Families live apart sometimes, and the world has changed since the mid-90's, mostly on the technology front. There should be a way to amend HIPAA so that doctors and nurses can talk to family members to get information when a patient has dementia, is unconscious or has such severe laryngitis, vomiting or hand injury that the patient is unable to communicate with medical personnel.
Virginia Sly (Seattle)
Health Insurance Portability and Accountability Act (HIPAA) is an acronym and should be spelled in all caps. Where are the peerless Times editors?
Paula Span (NJ)
Ms. Sly, the peerless editors have decreed that acronyms longer than four letters should use upper and lower case. (Personally, I prefer HIPAA.)
gmurnane (Phoenix, Arizona)
The peerless editors should rethink that stance. Not only does Hipaa look stupid, the rest of the world including the Federal Government, which created the regulations to begin with, uses HIPAA.
ruby (usa)
I was at emergency waiting for a doctor. This particular hospital emergency is constructed so that there is a central, large desk (about 5 nurse-stations), and about 10 rooms jutting off in all directions; each room could hold 1-4 people. But they were all full and so they put me in the hallway by the desk, where I waited for the doctor to come. On the wall was a white board with a list of patient names, the room, and a coded diagnosis I couldn't understand. I was just sort of staring at it out of boredom, when a nurse screamed at me: "Stop looking at that! That's a HIPAA violation! It's none of your business! Turn away!"

I had to turn my head away - not-looking - the whole rest of the time (half hour) I waited for a room to become available.

I had no idea what I was reading, but I could see the names of the patients and the room numbers (not that I remembered or cared). Should the hospital really put this information on a large whiteboard in a public waiting area, if they are concerned about HIPAA? And was it a HIPAA violation? What should I say next time if this happens again?
krose (Brookhaven, PA)
You should tell them they are lucky you don't have the Department of Health and Human Services on speed dial, otherwise you'd report them for their blatant violation of HIPAA.
Margarita (Texas)
If it's a HIPAA violation, which it isn't, then you should tell them that it's their fault, not yours for putting that information in a patient waiting area.
Whippy Burgeonesque (Cremona)
Ruby, if there is a violation there, it's the hospital posting it in a place where it is visible to the public, not your eyes looking at it. You can safely ignore the nurse in this situation.
Dlud (New York City)
Why is it that we have so many laws that remain unenforced until major crimes or tragedies occur, and in the culture of health care (where also many violations of humane and lawful practice occur), the health care industry has co-opted patients' rights to protect their own? Passing laws needs to be followed by monitoring the use and abuse of the same laws. Doesn't happen.
JD Ouellette (San Diego, CA)
I have had physicians refuse to speak to me on the phone even when the patient said, "This is my HIPAA-designated personal representative and I want you to talk to her because I need her help understanding my medical needs." (She was legally deaf). They also refused to speak on Skype due to HIPAA even though she said she was okay with any breach of confidentiality caused by the technology and Skype allowed her to participate in a 3-way discussion about her own care. They were using HIPAA to prevent her from being a full partner in her own care. It was disgraceful. One physician at Houston Methodist in Texas persisted even after I got the Baylor College Medical Ethics specialist in her hospital room telling the treating physician he had to comply with speaking to her HIPAA-designated personal representative. He simply said, "No" and left the room.
Hot Showers (PA)
A few years ago a small town in Pennsylvania didn't want to tell people how they were spending taxpayer money and used HIPAA as an excuse. The town's lawyer said "it just is" (a HIPAA issue). Clarity on what is and what isn't a HIPAA violation would be most useful.
Sparky (Claremont, CA)
"Staff members’ fears of the consequences of an unintended [HIPAA] violation are probably overblown." "'[T]he civil rights office 'is not in the gotcha game.'"

This is soft-pedaling the fact that even a minor and unintended violation IS a violation and can be punished as such. This is just another instance of the government criminalizing everything. If Congress didn't intend the civil rights office to play the gotcha game, it shouldn't have given it gotcha powers.
Adrasteia (US)
As someone who spent a fortune to get an MS in mental health counseling I can neither risk nor afford to be sued and to lose the career I love. My agency is strict about HIPAA rules. Since I'm not self-employed I don't have the flexibility to risk my agency getting sued. To say the US DHHS is not in the gotcha game is all well and good until they getcha. It's just the way it is.
Jonathan Katz (St. Louis)
As long as there has been medicine, doctors have protected the privacy of their patients. No law is needed.
garnet (OR)
Not so. Not of women, especially married women, but younger single women too.
Marina (Southern California)
I was probably the person who previously mentioned the minister who invoked HIPAA for no longer providing information to the congregation on other members' illnesses. While I do think it is good, ethical policy to consider people's desire for privacy, it's ridiculous to invoke HIPAA when it does not apply. As I recall, the minister said he had received "legal advice" about this. If so, shame on the lawyer. Thank you for continuing to beat the drum about this, Ms. Span. I believe that those who ARE governed by HIPAA--health care providers, etc. --withhold information sometimes due to ignorance and other times due to laziness. It's just easier to say "no" than it is to look up information and provide it.
Jim (Westborough, MA)
While the article focuses on seniors, what about juniors? That is, what about those under age 18?

Example: Why can a counselor refuse to have any discussion with me regarding her talks with my under-18 daughter citing HIPAA?
Kelly Ace (Wilmington, DE)
I can't speak to MA law, Jim. However, I suspect it is much like that of other states. In PA, anyone age 14+ is able to consent to their own mental health treatment (unless they are psychotic or otherwise lack the basic mental capacity) and controls their information/records -- even if the parent consents to the treatment, transports them there, and pays for it. Professionals are obligated to keep what happens in sessions confidential -- unless the youth gives consent to disclose or is at imminent risk of harming self or others. Whether a professional would deem verbal consent without written consent sufficient in a non-emergent situation would probably depend on the circumstances and the professional.
Lilly Smith (Massachusetts)
While I agree that some take HIPAA rules to an unfortunate extreme, in general I am very happy that we have gone from an environment where info. was left for everyone to see and good meaning staff shared everything with whomever asked to an environment that makes people pause before giving out info. And HIPAA is not just about what info. is shared over the phone. The HIPAA rules have drastically altered how health care agencies like mine secure info. Just 10 years ago, we routinely left patient info. out in the open, or in unlocked drawers and routinely shared info. with everyone and anyone. Have we gone too far the other way? Sure. And now, I bet things will be clarified to take us back in the other direction a bit.
Paula Span (NJ)
It's helpful to remember, Ms. Smith, that HIPAA serves a legitimate purpose. Patient privacy IS worth protecting. But yes, the pendulum does seem to have swung very far in the opposite direction.
cmw (los alamos, ca)
Most of the comments recite instances of trouble learning about a loved one's condition. Agreed, that can be more than just annoying or stressful, especially if it leads to treatment without all facts. But let's not forget that the basic goal of Hipaa is to let individuals control the release of their personal information. That's a very important right and it deserves protection. There are many ways in which health information can be abused, even if the info is accurate and won't change over time. The law may be cumbersome and need some work, and it too may be abused or manipulated, but we surely shouldn't dump its premise.
Michael Kelley (Chicago)
It would be a HIPAA violation for me to comment on this article.
Stephanie Savage (Los Angeles)
It's important to push for your rights when talking to someone who doesn't understand the law. I had a receptionist at a dental office refuse to give me my own dental records because of Hipaa. Eventually, he agreed to talk to his supervisor, and I received the records.
DLT (New York)
While HIPAA may often not apply or not restrict sharing medical information, state privacy laws can be much stricter. In New York, restrictions on disclosing medical information in section 18 and various other parts of the state's Public Health Law apply much more broadly, and are more restrictive, than what HIPAA actually restricts. And New York's medical privacy laws are also much more difficult to understand. Perhaps when some medical providers cry HIPAA, it's just shorthand for something much more complex.
lahm (Pittsburgh, PA)
A friend adopted a dog from a local shelter. The dog had medical problems, and my friend needed to get information about prior treatment from the previous owner. The shelter claimed HIPAA rules as the reason for not providing the previous owner's contact information. They said that even the shelter could not contact the previous owner - again because of HIPAA rules. Seriously.
Paula Span (NJ)
A tie, then, with the Hipaa-protected cat.
Marina (Southern California)
Honestly, one simply cannot make this stuff up.
I am certain all our dogs and cats are thrilled to know their privacy is paramount.
human being (USA)
Well, hopefully there was a rule that the shelter could not release the previous owner's contact information. Of course, that has nothing to do with HIPAA but everything to do with good practice. It is crazy that they would not relay your desire to speak to the previous owner to that owner.
susan levine (chapel hill, NC)
If you read the details of HIPAA laws, it's not only about health care privacy, it's a law intended to allow providers to communicate with each other about a patient, not prohibit that communication. It's to help people get good continuity of care in our complicated health care system.
HIPAA applies only to providers and institutions, we can all gossip about our friends and relatives just like we always have, remember free speech.
That said, at the CCRC where my parent lives a good friend of hers was suddenly hospitalized. She called her friend to bring her her cell phone and the staff at the CCRC refused to even discuss the situation (friend had key to her room) because of HIPAA.
Now that is absurd and I quickly called, tried to educate the staff about the laws. Insanity, the staff was afraid of losing their jobs.
Frankly sometimes you just have to be clever about what you say to get what you need. Often the truth will not get you what you need. Nuff said.
DW (Philly)
"Insanity, the staff was afraid of losing their jobs."

THIS exactly. It's used as a blunt instrument to control staff. They can be dismissed on the spot if accused of a HIPAA violation - or at least, so they're told, and the lower level workers in particular tend not to be unionized or to know their rights.
Richard Simnett (NJ)
Let's suppose you are working in medicine and someone you don't know calls and asks for information about person X. "Frankly sometimes you just have to be clever about what you say to get what you need." What is the upside to giving out the information for you or your employer? I can't think of any. What is the downside: dismissal for cause, bad references should you be dismissed, possible prosecution, a huge amount of money even to defend yourself, and scandalous coverage of you, yourself, since there is no information protection for you in the legal process.
There have been actual instances where the caller was working for a radio station and got a 'scoop' by doing exactly this, with the consequences I outlined.
Lee VV (FL)
One reason that doctors, their staffs, and hospital and nursing home employees are so skittish about HIPAA is that the potential penalties are draconian. HIPAA needs some rethinking and clarification, along with required retraining of the lawyers who give advice about it. While they're about it, if ever, similar attention should be paid to the privacy laws relating to students. How often do you read about crimes committed by students in which the schools refuse to release information due to privacy laws?
DW (Philly)
There is indeed an analogous law regarding confidentiality of student records, it's called FERPA, though I forget exactly what the acronym stands for.
Jane (Madison, WI)
I have health care POA with my mom and tried to get an electronic communication with her medical clinic--records, appointments, etc. The clinic transferred me to that department which said that they do not go by POA info and I would have to have my mother verbally give them the ok. She does not live with me so that is very inconvenient, so I still don't have access electronically. Just another frustration.
Bootseymom (Westchester NY)
Excellent comments, all. I think I can top the absurdity people face in construing HIPAA. When my pet CAT was in intensive care in a pet hospital, and I called to ask how she was doing that evening, I was informed that I could not be told because of HIPAA. To compound this insanity, this was from a place where she and I were known, and where I visited her daily during her hospitalization, and had visited her that day, only a few hours before the call.
Somehow, however, the staff found it in their hearts to disregard feline HIPAA regulations, when presenting me with a highly inflated bill, replete with double billing.
Lori (New York)
That is TOO funny!!!
Paula Span (NJ)
OK, you win the Most Absurd HIPAA Excuse award, Bootseymom.
Ann (Calgary, Ab)
Easy solution, have the cat to sign the consent form and then they could legally release the info.
Dr. J (West Hartford, CT)
I've read various patient privacy policies allegedly based in HIPPA, in different medical offices. My take-home summary is: Anyone and everyone who has a financial interest in it can access the patient's health care information -- except the patient.
India (Midwest)
Even many physicians don't understand HIPAA correctly. I quit an allergist a few years ago, as I was told that when he was not on duty or on call, his partners could not legally access my health information and deal with me by phone - I had to go to the ER. Going to the ER in a strange city was NOT as good as being treated by a physician who could easily have accessed my health records.

One of the things I love at the medical school where I see several physicians, is that they not only can but DO actually talk to one another about my health concerns. Like many people, many are related and having various specialists able to easily consult with one another, has been a huge bonus for me.
Southern Boy (Spring Hill, TN)
The law is properly referred to as HIPAA, not Hipaa.
John (Massachusetts)
As a practicing emergency physician I was often frustrated and befuddled when trying to get timely and sometimes critically important medical information on a patient I was actively treating. I would often be told - mistakenly - by those entities I had called seeking information (about the same patient they had recently treated) that I needed to send a faxed copy of a signed medical release form first. This was true even in cases where the patient was unable to sign (unresponsive, comatose, etc. and with no family or proxy in attendance). Sigh. Even health care institutions don't always understand or interpret the law correctly.
dennis (ardmore, pa)
I agree w/ many of the posters here. I have written for a patient to have imaging studies only to be told later that I needed to have a signed HIPAA release before the records could be sent to me. I have had to ask for a supervisor and then the head of medical records before a copy of the xray, ct scan, etc was faxed. The higher ups were nice. The person answering the phone was just following orders. HIPAA creates problems where there aren't any. Every place has caller ID. If a patient of Dr. Jones was in the ER and now Dr. Jones' office is calling to ask for records of the ER visit because the patient is in for the instructed follow up, the thing to do is fax over the records. Not ask for a HIPAA release form. Another law on the books that was not needed and now causes problems where there aren't any.
Kristina (Scottsdale)
I think that Hipaa law has been violated too many times by medical institutions, doctors, nurses and other authorities. When it comes to stealing and sharing someone's private medical records, like it happened in the case with New York Giants defensive lineman Jason Pierre-Paul, no one has a problem with that or concerned with the hipaa law violation. But when it comes to a matter of someone's life and death, they can't say or accept necessary information from patient's family members to save his or her life. I do believe that Hipaa should be in place to protect people's private medical records and services like ShazzleMD encrypted hipaa compliant email should be used to ensure private email communications when it comes to medical data sharing.
D. H. (Philadelphia, PA)
HOPE & HEALING When a loved one, friend or acquaintance is taken ill or removed from a facility, a crucial part of the healing process both for the person being treated as well as family and acquaintances is being informed of the patient's whereabouts and condition. My wife's uncle, who passed away recently after nearly 8 years on life support, while lucid and socially engaged, eagerly awaited frequent phone calls from my wife's mother, his elder sister, who was supported and encouraged by the staff of the acute care facility where he lived. He was barely able to speak, leave alone sign his name. Yet the treatment team got it right. They accepted his wishes and reported his condition to his sister. When able to speak, his sister and he enjoyed communicating with each other. We last saw him in 12/2014, when he told us how much it meant to him to speak with his sister. He said that when he had trouble sleeping, he would reminisce about the good times he had earlier in his life. His high spirits truly were miraculous. They were aided and supported by staff who understood HIPAA accurately. The "P" in the name is for privacy, not secrecy. Mental health is now considered to be an integral part of medical health. So misapplication of the HIPAA laws will result in substandard treatment because the emotional support so critical to healing will be interrupted if not excluded completely, because of mistaking privacy as a substitute for social and emotional attachment.
Andrew Mitchell (Seattle)
Before I retired as an Emergency Physician my standard of care was how would I want my family or myself to be treated. I would never give less care than that and would try to give more than expected at low cost. HIPAA is to discourage professions from disclosing unnecessary medical information, as when a radiologist released George Harrison's xrays or an insurance clerk released Arthur Ashe's HIV test.
There is no complete privacy in this world of internet, massive records, public recognition, closed circuit TV, and public access of records. It is usually better to have too much communication than too little.
ugh (NJ)
Oh, yeah, healthcare providers hide behind Hipaa, especially when a lawsuit or an uncomfortable fact is involved. One hospital avoided giving my mother's medical records to my father, her legal guardian, for years, hoping to reach the statute of limitations for bringing suit. Then the nursing home where she died refused to tell me she died, as did the hospital where she was taken after she died. Instead they called to tell me she was having respiratory difficulties and let me walk in to her room and figure it out for myself. I was her legal guardian by then. They left it up to me to call my siblings and let them know...they don't like to give out that information over the phone, they said, because then people will be driving when they're upset. Amazing.
jefreedman (New York)
I am a physician. I have been told I cannot call a patient from the waiting room by last name, a "HIPPA" violation (it isn't). I have been told I have to confirm I have the correct patient by first and last name before taking them out of the waiting room (a new safety rule) even if I have seen them repeatedly for years. I have called a physical therapist about a patient I referred and been told they cannot talk to me about my own patient because of HIPPA. People have lost all common sense and administrators are scared of their own shadow when interpreting rules.
Rick Dale (Las Vegas, NV)
Hospitals can't just give out information to friends. That's ridiculous. Who's to say someone is a friend or not? "Family" too cannot just get confidential health info. Who's to say the family members aren't enemies? Please get a lawyer to write this.
jca (california)
A very large hospital chain here in California, during the years that they were responsible for care for my aged mother, would not respond to phone calls by me about her, even though they were sending me her hospital bills to pay. However, if I called them saying I was HER, there was no problem. I honestly do not sound like an 80 or 90 yr old woman, but whatever passes the litmus test will do apparently. I understand the former egregious errors perpetrated on the sick by people that required a response by government, but the response is too rigid, confusing, and like any rule, can be subverted by the truly evil - as usual with government. It is only the innocent patients and their loved ones who are impeded.
Marina (Southern California)
If I recall correctly, Jane Gross talked about this strategy a bit in A Bittersweet Season. Sometimes impersonation is the easiest way to go. It helps if you have at hand some of the details that might be requested - the person's birthday and Social Security Number. I had to do this for an aged relative who was moving and needed to change utilities billings. She didn't hear that well on the phone and it was a challenge for her to deal with the customer service folks (though she had no cognitive impairment). I don't sound like I'm 90+ either (heck, I've been told I don't even sound like I'm nearly 70.) I say anything that is done in absolutely good faith and ethically, with the approval of the person whose needs are being served, is a good idea.
aanyya (Orlando, FL)
As a physician, let me just clarify that no one _wants_ to restrict information or obstruct communication between family members. Rather, we are at the mercy of truly draconian measures should we be found in violation of HIPPA. I have had a patient leave her brother's phone number as a contact person after surgery and when I called him to let him know she was OK, and all had gone well with her surgery, she accused us of a HIPPA violation. Many times it would be much better for the patient if a family member took more interest in their care and came to the appointments and helped keep track of things for them, but we are prohibited from reaching out to said family if they are not already present and if the patient is otherwise competent to make their own decisions... HIPPA stifles communication and coordination of care between providers--for example, we get emails referring to pt with medical record number 34531819. Even with a set of initials, I cannot figure out who that might be without logging into the electronic medical record (which I cannot do easily on the fly--I am a busy surgeon and am in the OR most of the day). Would a patient really object to using their name if it meant more efficient communication and ultimately, safer and better care?
cdh (PA)
Wasn't HIPAA meant to be a bulwark against insurance companies bribing doctors to slip them medical info that they could use to prove pre-existing conditions and deny coverage? I seem to recall that collusion between shady insurance practices and unethical doctors was the target. Certainly not preventing friends and family from getting information. But then again, shady insurance investigators were probably impersonating friends and family of people they were hunting for dirt on.
PrettyPrivelged (Planet Earth)
there really is not anything private anymore, everyone talks about everything without shame or conscience
Jade (Oregon)
As an education reporter I see the same thing happen all the time with FERPA, which keeps students' grades and discipline records private. I'm always happy to work with teachers to make sure kids whose parents didn't sign media release forms aren't in the shot I use but sorry, FERPA doesn't prohibit me from taking photos of a field trip in a public place or asking questions about standardized testing practices or how many Talented and Gifted students a district has.
Jonathan (NYC)
If you are a reporter, and people don't want to talk, then you can always just print what their enemies say.

They'll usually start talking after that.
Kate De Braose (Roswell, NM)
Neither patients nor their relatives lose any rights while they are hospitalized.
I suggest that people who have this sort of question ask to speak with the Hospital Chaplain for assistance with any of these kinds of problems around patient rights.
Bernard Farrell (North Of Boston, MA)
One clinic I was in refused to provide me (myself) with a copy of medical photos claiming it wasn't allowed under Hipaa. I knew they were wrong, but it wasn't that important to me. Next time I'll push.
thankful68 (New York)
Hippa has become outdated and abused and needs a complete rethinking. I remember it being invaluable in protecting HIV positive adults from discrimination from employment or housing citing the need for privacy. What it has become as the examples on this blog show is a new way for hospitals to protect themselves from revealing or taking responsibility for mistakes in eldercare and to shut out the responsibility of actually communicating with the caregivers. The code of silence quoted here is indeed the case and protects the medical industry not the patient particularly not the elderly patient whose case is often complicated and requires an advocate if not many sources to be fully understood and properly treated. Once again the medical industry wins and the patient loses.
Citizen60 (San Carlos, CA)
When I was hospitalized, I specifically listed my son at the top of the list of who I wanted the hospital to share my info with. When he called one evening to confirm some medication administration, the HCW instantly said she could not discuss pt info. My son, who works in healthcare, instantly threatened to bring a lawsuit if the HCW didn't check my chart to confirm my consent. It isn't that the law is confusing--it gives them an excuse to be lazy, pure & simple.
DW (Philly)
Don't assume it's laziness on the part of the front line worker. Often they're told they're liable to immediate dismissal for a hipaa violation. And they're told this by a supervisor who doesn't understand the law him- or herself.
TEAK (upper state)
A few years ago, I received a letter from the DMV (Dept of Motor Vehicles) about a vehicle registration. I called the DMV and was told that I would have to visit in person; the woman could not discuss the issue over the phone because doing so would be a HIPAA violation.
Oh.
Glenn Ribotsky (Queens, NY)
And THAT's about as stupid as it gets. (It doesn't even have any internal logic--why is a face-to-face conversation any less likely to be overheard than a telephone one?)

The law needs to be revised and made clearer, but, perhaps more importantly, training in what the law does and does not proscribe needs to be mandatory--and, as the above indicates, not just in hospitals, clinics, and drugstores.
Marina (Southern California)
Wow - that is really odd. Perhaps the person who spoke with you used to work in health care and now thinks HIPAA is an all-purpose privacy act?
Becky Allison (Zanesville, OH)
Fear is a strong motivator. Together with a lack of full understanding of the regulation in a world highly regulated, I can see how health care providers tend to err on the side of extreme caution with HIPAA issues, even though as a former health care provider, it can be maddening when all you are trying to do is advocate for a patient to assure quality continuous care. I had to make a phone call to intervene as a QA Coordinator for a hospital based home health agency when our home care nurses couldn't get or give information when their patients were admitted to our own hospital. We were on the same team. A little education by the hospital unit managers cleared things up, but how frustrating for our nurses until it was resolved.
Dlud (New York City)
Managers in all branches of health care need to be instructed in the HIPAA law by professional people who know the law first hand. It gets interpreted by people who just do what they are told and never learn the purpose and nuances of HIPAA.
Rachael Harralson (Folsom, CA)
HIPPA goes too far and does not necessarily protect people. It is wrong to make it so difficult for a child, parent or spouse to get information on a loved one's health. There may be cases where a person does not want family to know about their medical condition, but the law should allow the person to opt-in to that and not make it the default. My husband & I have gone to the same doctor for years and every year we need to re-sign a form allowing the staff to discuss our health with the other spouse. They said if we forget to re-sign, they cannot talk to us. That is wrong. The law should not assume spouses want medical privacy. The law needs to protect family bonds. If someone does want their info private, they can sign a form for that! There are many other problems with HIPPA and it needs to be reworked. It is a violation of liberty to withhold information from a loved one unless the patient specifically requests it. If I am ever hurt in the hospital, I want my husband, daughter and parents to know all details. Why should a law prevent that?
HIPPA definitely is in the category of laws that sounded good at the time but cause a lot of unintended harm and should be repealed. Who is it actually protecting? Most of the info is already stolen by hackers anyways!
Longue Carabine (Spokane)
One never stops being surprised how obtuse people can be. That hospital bureaucrats over-interpret this is to be expected; that's how bureaucrats are, from the ancient world until today.

But a parson believing that Hippa would keep him from listing the sick in the church bulletin.....wow. That is....stupid.
msf (Brooklyn, NY)
People and businesses will latch onto whatever rule or regulation is available to act in whatever way they want. It's a one way street, and many do not seem to really care about the spirit of the rules.

How many times have you gone into a doctor's office and been told "sign here, here, and here", where one of those "here's" is an affirmation that you've received the privacy policy? That policy may be written on the back of one of the many sheets you've been handed, or it may be something you are provided after signing the declaration that you've already received it.

I've even had occasion where I asked for the policy only to be told that the office was out of printed copies. At least the staff didn't insist that I sign a declaration that I'd received the policy.

The point is that often service providers do not care about what the rules mean. They ask you to sign the privacy notice because they are required to ask. So they do ask, sometimes without complying with the more important part of the rule - actually providing that notice, preferably in a form that a mere human could understand.

Medical privacy is important, and HIPAA is a good step in that direction. To the extent that some problems arise due to misunderstandings, some clarifications, common sense, and training can help. To the extent that the problems are a result of a general disrespect for rules and procedures that seem to obstruct, I don't know what the answer is.
Dr Bob (east lansing MI)
Of course it is over interpreted. I can and will be fired on the spot, no questions asked, for a HIPAA violation. Why would anyone take a chance?
Citizen (CA)
After a surgical Never event & egregious medical mistakes, instead of disclosing the true medical facts to me and treating iatrogenic injuries causing disabling 24/7 pain, my doctors, hospital, & medical group lied to me, covered up what happened. Doctors wrote false, defamatory info that amounted to character assassination in my records then sent the false records to numerous others and attorneys in violation of HIPAA. This was done to interfere with/impede my ability to get medical care & repair surgeries AND build a fabricated case for med mal defense. I’ve learned this is modus operandi when doctors injure patients. The fabricated records read as though they were written by a defense attorney and per the defense agenda instead of an honest doctor. The despicable doctor sent the false records to a psychiatrist (I’ve never been to such a doctor, ever) and others, via unsecured personal email, without my knowledge/authorization, to build a false case that I was crazy, to discredit me. I filed a detailed complaint with complete evidence with the Dept. of Health and Human Services about these clear HIPAA violations. My doctor responded to the complaint with lies and H&HS sided with him! My experience is that it’s open season on patients, no federal/state agency protects patients. They only protect dishonest, incompetent doctors, driving down quality of medicine & driving up costs for all. Doctors, attorneys & MedMal insurance companies are ABOVE the law. HIPAA is a joke.
Patient (Experience)
Absolutely had a similar experience. I filed a complaint with the Dept. of Health and Human Services about the HIPAA violations. My doctors clearly made intentional, repeated, and unnecessary disclosures of my medical records to numerous others clearly not involved in my medical care and NOT for any valid medical reason or case management reason and without my permission. It was to cover up medical fraud. My doctor performed the wrong surgical procedure, then lied about it to me and lied in my medical records. This surgeon was on the hospital's executive board and was well connected. So of course, they waged a smear campaign using fabricated medical records which they sent all over the place in violation of HIPAA to discredit me. My HIPAA complaint was denied because the Dept of H&HS said they were "too busy" and "doctors can do whatever they want."
P. K. Todd (America)
Some people abuse the law by over-enforcing it, but we should maintain some sense of perspective.

HIPAA came into being because it was urgently needed. Some of the horror stories about past violations of patients' privacy would make your hair stand on end. In one case, a hospital trustee in Florida who happened to be a banker didn't think that former cancer patients were good loan risks. He was given access to all of the hospital's records on cancer patients, helping him discriminate against survivors of the disease. In another case, a self-righteous hospital employee decided to "punish" all patients who had tested positive for HIV by leaking their names to the media.

HIPAA was implemented towards the end of the Clinton administration. There were almost no fines levied for violations during George W. Bush's eight years in office. When a reporter asked a member of the administration why this was so, he said, "We don't care about privacy." Not kidding.
Dlud (New York City)
Is a dumb law, or one that creates more problems than it solves - just a different kind - better than no law? The culture that HIPAA has created is counter-intuitive to much of what health care is about.
Scott Anthony (State College, PA)
Since all of us are getting older, and since the United States has a significant "aging" average population, these are very important issues. I want to thank you for this well written and sourced article that clarifies Hipaa issues in detail for us, the readers.
Marilyn Wise (Los Angeles)
Another good reason to have an up-to-date advanced health care directive, with a clause that authorizes your agent to obtain information protected or potentially protected by Hipaa. I travel with mine.
sheepm (OK)
I think there is a lot of laziness causing this, but I can vouch that hospital staff who are paid to monitor HIPAA issues are also pretty zealous, which makes people play it safe.

I'm an obstetrician in a large Academic center. For years patients brought pictures of their newborns and placed them on my bulletin board in the hallway. It was very popular over the years but last week the HIPAA monitors came and made me take it down. They said b/c I didn't have written permission, I couldn't have it up anymore. Sigh
Jim (Westborough, MA)
Do you have a badge? Does it have a picture? Insist that it be removed. Why? Hippa.
Marina (Southern California)
Here's an article about this issue (maybe this is about you?)
http://www.outsidethebeltway.com/doctors-office-baby-pictures-barred-by-...

The article ends by saying parents could always sign waivers to have their babies' photos posted. Certainly correct - and why not?
Laura (Chicago, IL)
"HIPPA" generally translates to "I'm not going to tell you anything." There's widespread confusion and deliberate misinformation about what it means and who it applies to. Maybe we can get a "Truth in HIPPA" statement when presented with the stack of waivers to be signed.

In the last years of their lives, my grandparents were repeatedly hospitalized. We're a large and extended family. We were given a code word to get information over the phone, which might have been the sanest approach to HIPPA.
eme (Brooklyn NY)
I work in a cancer center and I often have taken phone calls from physicians' offices seeking to refer a patient to us for treatment. On several occasions I have had the secretary give me the patient's name, DOB, Social Security number and phone number, but then balk when I ask that the relevant medical records be sent over. "I can't do that because of HIPAA" was the usual response. In some cases even the secretary's supervisor was ignorant of the fact that doctors are allowed under HIPAA to share the medical history of a common patient!
Jan Jasper (NY and NJ)
When my elderly mother was recently hospitalized (again) in Michigan, I called to learn how she was doing. Hospital personnel told me the authorization she'd signed to disclose information to me had expired when she was last discharged from the hospital, a month earlier. They explained that the "Hippa list" of people who could be told of a patient's status had to be re-created each time that patient is admitted to the hospital - to protect their privacy because sometimes family members have a falling out with the patient and the patient no longer wishes their information disclosed to some individuals. I protested, asking "What if my mom is unable to speak when she's admitted?" They basically said I was out of luck. They also told me they had no record that my mom had a daughter. I informed them that not only do I exist, I was on the Hippa list the last 4 times my mom was hospitalized, and that I am her only living relative.
susan levine (chapel hill, NC)
Next time say you're a lawyer and speak to administration.
Dlud (New York City)
The word for such mentality is anal. People in health care know that word.
Peter (The belly of the beast)
Our lawmakers should read the comments to this article and start asking themselves if these maddening rules were obstructing their ability to help their own family member would they still be on the books or would they have been completely overhauled by now?
Ferdinand (New York)
Misguided law that complicates simple issues and makes people stupid. MAKES THEM STUPID.
Big Ten Grad (Ann Arbor)
Hipaa...schmipaa! In the 2010 revision on a page in the 2000-plus range of the Act, the AHP and other big time hospital fundraising lobbyists got the ok for hospitals' development officers to know when your mom/dad/kid was admitted, doctor's name, what treatment occurs, and the outcome good or bad. Maybe if you call the hospital foundation or development office and make a gift, you can find out something.
AS (AL)
HIPAA is an unnecessary intrusion of the federal government into health care. Malicious or negligent disclosure was well covered by tort law and ethical guidelines. HIPAA criminalized the whole area. Individual health care providers working inside systems (who doesn't, these days?) are regularly manipulated with threats of HIPAA penalties on ambiguous grounds by supervisors trying to control aspects of behavior they don't like. Good will and common sense were early victims of the law. Busybodies, administrative tyrants and other malcontents in the health arena find it a convenient and effective tool. "Clarifications" aren't going to work-- everyone has become paranoid.
Mumtothree (Boston MA)
A few thoughts: if you are the patient's designated agent under a health care proxy, you are automatically HIPAA-authorized. You may have to press that point with staff. But, in many cases the health care proxy has to be activated by a doctor, and it's that in-between time that puts many loved ones in limbo. So a separate, generic HIPAA authorization is useful to have in reserve. Nothing in the federal law says it has to be notarized. I also make sure that the expiration date on the HIPAA authorization is "two years following patient's death" so that medical records can be obtained and insurance claims settled without waiting for an executor to be appointed.
Madeline Conant (Midwest)
Very helpful information, thank you. Could you share the language used in your "separate, generic HIPAA authorization," (including the two years following death provision) or point us to a recommended link? Thanks.
Mumtothree (Boston MA)
The elements required to be in the HIPAA authorization are defined in the statute and are available on HHS.gov. They include:
• What health information will be disclosed;
• Who will disclose the information;
• Who will receive the information;
• The purpose(s) for disclosing the information;
• A statement informing the patient of (1) his or her right to revoke the authorization in writing, (2) how to revoke the authorization, and (3) any exceptions to the right to revoke;
• A statement that the hospital cannot require the patient to sign the authorization in order to receive treatment or payment or to enroll or be eligible for benefits;
• A statement that information disclosed pursuant to the authorization may be redisclosed by the recipient and no longer protected by the federal privacy regulations;
• A statement that the authorization will expire: (1) on a specific date, (2) after a specific amount of time (e.g., 5 years), or (3) upon the occurrence of some event related to the patient;
• The signature of the patient and the date. Note: If the patient’s personal representative signs the authorization, the authorization also must include a description of that person’s authority to act for the patient.
Any form (or statement of the patient) including these elements will be "HIPAA-compliant." You can write your own.
acuteobserver (NY)
As a medical professional I can tell you that there are several major problems with HIPAA, all related to money.

First, the most egregious and pernicious violators of patient privacy: Insurance and Pharma companies bought their way out of being covered by the law. They buy, sell, and freely use patient information in any way which turns a profit.

Second, the creation of HIPAA created an enormous niche for "Consultants" for hospitals and other covered entities. In order to maximize their own consulting fees, most of these "consultants" over-read the requirements for compliance in such ways as to complicate system and ensure continuing consulting contracts.

Three, staff education is expensive and health care management has no confidence in the existence of "common sense". It is therefore cheaper to teach the staff to just say No.
Rebecca L (Los Angeles)
Last week my 18-year-old daughter's insurance company refused to tell me if her insurance plan (via her dad's insurance) was an HMO or a PPO, citing HIPAA. I explained that the scope of her coverage was not "protected health information" under the law--the HR people at her dad's work knew whether it was an HMO or a PPO, and the information has nothing to do with my daughter's health. They adamantly refused to tell me anyway. The effect was that I was unable to make a doctor's appointment; I had to wait for her or her dad to call the next day (which, of course, takes half an hour to get a simple answer). So frustrating.
Lori (New York)
My daughter's (19 yo) plan refused to tell me if they received payment for her premium which - I - paid, and refused to give me the address to send the check!
Joel Brick (Los Angeles)
I administer a self-funded health plan in Southern California, and we have a formal legal opinion, from smart lawyers, which is the product of a long debate, and which says that the mere fact of the existence of coverage is Protected Health Information. So, by telling you whether your 18-year-old daughter is in an HMO or a PPO, without her permission, we'd be revealing the existence of coverage, thereby disclosing PHI, and violating HIPAA. (I reject the Times' style guide on the issue of capitalizing acronyms.) Stupid? Yes. But apparently the best interpretation of the law as written.
p.a. (MA)
You reap what you sow. Complex law that even as a doctor I don't fully understand. So I and many others would rather err on the side of saying less, rather than risk punishment / fine / getting fired for saying too much.
ACS326 (Ohio)
Because as a doctor you have been punished how many times?????????
recox (Princeton, N.J.)
My favorite Hipaa moment was calling my son's pediatrician (since birth!) to ask if he had gotten his meningitis booster, which was required by his university. Since he was 18, and technically an adult, they declined to give me information or even acknowledge that he was even a patient. So, I said OK, I will ask my son to call you for the information. He did. They refused, and told him that he had to be physically present in the office to get the information. Because of Hipaa. You can't make this stuff up.
megachulo (New York)
HIPAA is a great example how a nice concept gets shifted way out of whack by clueless administrators and politicians, similar in nature to gun control. Both ideas were initially well meaning and noble, though over time and over-aggressiveness, are only bent in one direction, toward more and more draconian policies.
One small example how HIPAA makes my day as a physician more difficult- As part of my job (Radiologist) I work at a workstation with 5 individual programs open all at the same time, each dealing with dictation, imaging, archiving, etc., all very tenuously communicating with each other as cobbled together by third party programs. It takes at least five minutes to boot up in the morning, three to shut everything down. Because of HIPAA laws, each program has its own individual timeout period, I have to juggle clicking each one literally every few minutes, even if I don't need that program open at that time, just to prevent each one from timing out. If one of the five programs times out, I have to shut all the others down and restart just to keep them all talking with each other. That's the one example I thought would be appreciated by the most readers, even for those not in the Medical Profession, but there are many more Medically-specific that are being covered in other comments.
Joseph Nierenberg (Minneapolis, MN)
Proving its point about the difficulty in understanding HIPAA, the author misstates a few important principles. The statement, “[T]he law does not prohibit health care providers from sharing information with family, friends or caregivers unless the patient specifically objects” is misleading. First, the scope of information that could be shared with such people is limited to “information directly relevant to such person's involvement with the individual's care or payment[s]….” If a friend is to accompany the patient home, for example, information on mobility or the administration of medication during travel might be disclosable. Second, the patient’s right to consent is not an opt-out right as the excerpt suggests. If the patient is lucid and there is no emergency, the patient must affirmatively consent, or not express an objection when given the opportunity to consent, or the health care provider must infer lack of objection from the circumstances. Another example of a misleadingly incomplete statement is “An assisted living facility or nursing home can report a death. It can also give someone’s general condition and location, assuming the patient remains within the facility.” As with the first example above, the scope of persons to whom disclosure can be made is limited, and there are requirements for consent or a determination of the resident’s best interests.
Melinda (Seattle)
Excellent points, Joseph. Although most of the comments refer to situations ranging from frustrating to inane and seem to be ways to protect the caregiver more than the patient, there are circumstances where family members are not in accord about their loved one's care, especially concerning elderly relatives. Our faculties decline at different rates, and competence is very elastic. It's not uncommon for children to have different impressions of a parent's competence in making their own decisions about end-of-life issues, and giving all family members the same access to information can create even more conflicts between health-care professionals, the patient, primary care-givers and siblings. It's usually the children who are not on hand who have the hardest time supporting patient choices, and their interference can have tragic results. Every HIPAA form should include a specified duration, conditions that can be reported, and people who are being granted access to this information, and from whom it is restricted.
Alan (Holland pa)
I am a pediatrician. My step daughter gave birth to a premature infant, and the neonatologist refused to even tell me if the baby was doing well, citing HIPAA. It was a stupid excuse (that she had bought into, because it fit her needs) to not have to ever talk to anyone other than the parents.
Hipaa has a good intention, and has value, but it is used much too often as a way out of having to talk to family by physicians.
vklip (Pennsylvania)
Alan, who is the "she" who "had bought into" using HIPAA to refuse to give you information? If it was the neonatologist, that is one thing, but if it is your stepdaughter, that is an entirely different case. And, why should the provider talk to anyone other than your stepdaughter and her husband, the parents of the child, unless the parents specifically gave authorization? That you are the stepfather doesn't mean diddly - not all stepchildren have a good relationship with their stepparent, so being a stepfather doesn't give you any special privilege or relationship. Neither does being a pediatrician, unless you were specifically designated by the parents as the pediatrician for the baby.
Alan (Holland pa)
The "she" was the neonatologist, and this was long after my step daughter had told her (in front of me) that she was free to discuss any aspect of the baby's care with me. If the "she" had been my stepdaughter, surely I would have accepted the physician's silence. In this case my step daughter was using me to translate the baby's medical status to her, yet the neonatologist refused to abide.
MG (Indiana)
One more note - although it adds to the complexity, there is a whole list of common sense exceptions to when a provider or health plan needs the patient's permission to release information, including some cases relating to workers compensation, when there is an emergency of certain types, in certain law enforcement situations and more.
Moses (The Silver Valley)
Anyone who has walked into a hospital as a patient or the family of a patient and read the disclosure that the hospital provides to the patient concerning his/her rights vis a vis HIPAA should be more concerned by the fact that the hospital is more protected than the patient and trying to get records requires an act of Congress. Just another component of our broken healthcare system.
Ellen Acconcia (Chantilly, Virginia)
I agree with most every comment here. This is a terrific article. I have been driving the treatment of my 26-year-old's mental illness -- she suffers from extremely hard to treat depression and anxiety -- for over ten years now and since she turned 18 it's been a nightmare to try and get her the care she needs. Once she was taken by ambulance to a psych ward at our local hospitals. When I called to inquire if she had been settled in, I was told, "we cannot confirm or deny that she is here." Huh? She left to go there from MY HOUSE, WHERE SHE LIVES.
There are more stories I could share about the mental health system and Hipaa, however, not enough space or time!
Laura (MO)
I can relate with you...my son tried to commit suicide... we think... right after turning 18.
There is a good book called "The Burden of Sympathy: how families cope with Mental illness."
In it is a whole chapter on the hospital system and how they treat the families.

So much for the patient's bill of rights- the right to an advocate.
RStark (New York, NY)
Ellen Acconcia and Laura, agreed. There are real problems here about whether older adolescents are sufficiently protected.
Peter (The belly of the beast)
Yes, parents trying to advocate for their adult children with mental illnesses are especially thwarted not only by HIPAA but a plethora of other laws designed to shut them out even when their loved one is unable to act in their own best interest. The legal wrangling that must go on just to get your adult child the help they need is daunting and can bankrupt families. The pendulum has swung too far.
E. Nowak (Chicagoland)
Interesting that this blog-post mentions online patient portals. I've been alarmed at how much data-mining is being done by the online patient portals that some of my different doctors use.

One web-site requires me to load google and cloudfront java scripts -- *after* I log in. (If I don't, the site won't operate.) Who knows what kinds of data they are collecting about me? The privacy agreement has nebulous wording about sharing with "third-parties" and that it's "anonymous," but everyone knows that there's no such thing as "anonymous" data on the internet anymore. Why is that legal?

One web site's privacy policy was so broad I sent a complaint to the Health and Human Services Office web site about it, but got back an email saying it didn't qualify as a violation. Really?

Why is it legal for a patient portal web site to use *any* third party data collection software? Especially since we have no idea who's collecting the data or where it's going to end up or how it's being used?

Is it being sold to insurance companies? Employers? And if I visit my portal too many times, will that tell them I'm too sick to employ? Will an insurance company deny me life insurance or long term care insurance? It's frightening.
Heloise (Massachusetts)
I too have been denied access to my own medical info "because of HIPAA," but it also goes the other way. On a recent visit to a clinic I was required to print and sign my name on a list taped to the counter in the check-in area and to write down what procedure I was having. There were about a dozen people who had signed in before me and I could see exactly why they were there. I expressed my concern that the practice violated, if not HIPAA (I am not a healthcare lawyer) then basic privacy principles. The staff dismissed my concerns.
Reva B Golden (Brooklyn, NY)
I have noticed that "the staff" of any hospital is trained not to think - not to use any personal judgment - not to read what they're asking you to do - for example in after-care - and to have no personal involvement whatsoever. What they do is self-protective - and as for protection for you - you're on your own. "The staff" of any hospital is trained to do as they're told without feeling or personal involvement. This topic is a hot topic b/c what if the nurse has religious objections to someone's abortion and takes steps to intervene somehow. The "what ifs" are really complex. But the system is cold and impersonal.
Allison W. (Richmond)
I've noticed that my doctor now puts a piece of paper over the sign-in list so only the current name is visible.
Worried Momma (Florida)
Take a pic of the list, as it is taped and visible to others. Redact their names - but not yours - and send this with a complaint to the civil rights office at HHS. They are mentioned in the article. Be sure to include the biz card of whoever brushed your concern aside, and of the clinic executive.
Jeane (Oakland, CA)
HIPAA was a poorly written law to begin with, and its misuse has expanded and spread the way misinformation so often does. Good to see that some legislators are finally catching on to the need for federal clarification.
Roscoe (Sacramento)
Although HIPAA and Medicare intend to provide more security and better medical care, what happens in real life is worse medical care as we become further isolated. We need to be connected to other people socially and the medical care system separates us even as the doctors and social workers are "assessing" our vitally needed social support.
Will (New York)
This article misses a key point. Yes, lots of health care providers unnecessarily withhold information citing HIPAA. But their decisions to do so are a lot more understandable when you consider (1) how confusingly the statute is written, and (2) the provider could be fined up to $1.5 million or GO TO JAIL for violating it. See 42 U.S.C. 1320d-5 and 1320d-6.

Now you probably won't go to jail or be fined $1.5 million for a minor HIPAA violation. But -- given the insanely convoluted language of the statute -- there is effectively no way to know what the enforcement agency or federal prosecutor will decide is a minor violation (or a violation at all) until long after someone asks you to release information. So, facing fines up to $25,000 for completely inadvertent mistakes (1320d-5a1A) or a year in prison if a prosecutor suspects that your violation was intentional (1320d-6a), what would you do?
E. Nowak (Chicagoland)
And yet, you would think highly trained, highly educated, highly intelligent medical professionals could see the distinction between sharing information with close family or giving out basic info to friends (like, "She's passed away" or "She's fine") from giving out medical information to businesses or insurance companies, etc. without the patient's explicit permission.

Or am I being too presumptuous?
Durham MD (South)
You are. We are physicians, not lawyers. I have no additional training in the law than anyone else on the street. We typically have hospital lawyers giving us legal counsel which is intended to protect the hospital, with dire promises of job termination, jail time, and high fines (not covered by malpractice, but which you are personally liable for) if you violate the law in any way. I have been told I could be fired for accessing my own medical info and records on the hospital system, which I have a legal right to access. I suspect this is way above what the law requires but when you involve lawyers deeply in health care, this is what you get. Likely the lawyers are telling us way above what is necessary to protect the hospital but not being a lawyer myself, I am not fully qualified to judge the veracity of the advice. Also, consider that what the lawyers write becomes hospital policy, even if it ends up exceeding what the law requires, so you can be fired just for violating hospital policy. Seeing as most of us don't want to be jobless, destitute, and potentially in federal prison, we aren't going to be the canary in the coal mine and oppose what a squadron of lawyers tells you.
Edward Swing (Phoenix, AZ)
That excuses some cases, but not the ones described in the article. Sorry, but I work in health care and there's really no excuse for not taking down information about medication allergies or chastising a patient for violating HIPAA by talking about their husband's care in a cafeteria. If you work in such a job, you're required to complete HIPAA training. Obviously these people didn't pay attention at all during that training or apply common sense.
hen3ry (New York)
I've been denied the opportunity to look at my own health care information on HIPAA grounds. It's my health care information and if anyone should be able to look at it I should! The other thing I've noticed is that these same people have no problems discussing patients among themselves (sometimes in derogatory ways) in the hallways or in other public places while denying us, the patients or family and friends, simple pieces of information that could tell us how things are.

As patients, family, or friends we are denied knowledge we need to make decisions, to help, or even to make a last visit while the person in question is alive. I don't think HIPAA was enacted with that in mind. It's also a very convenient out for providers who don't want to discuss things with anyone or want to protect themselves from questions or knowledge that they did something wrong. It's interesting how privacy is invoked when we most need to know what is happening with us, our families or our close friends. Yet this same information is shared quite freely with the insurance companies and in ways that are completely inappropriate HIPAA notwithstanding.
garnet (OR)
HIPAA permits that kind of information sharing. As w/so much concerning health care in the US these days, HIPAA is for insurers & health care providers (their protection & ease of use/functioning) not that of patients or their close family or friends. Otherwise patients would be provided w/free copies of their records of treatment, tests, etc., (it would be mandatory, not different rules by state), and there would be far stiffer penalties for the confidentiality violations via carelessness with treatment records (in my area, a clinic employee tossed the paper treatment records of hundreds of patients into a recycling bin. It was discovered by someone who happened to walk by the recycling bin and reported it. The hospital/clinic chain provider was allowed to conduct its own investigation (not the OCR). It, unsurprisingly, determined that it was not at fault, it was just one of those things that happen, the chain's procedures were fine. It was state law, not federal law that imposed a fine of $5,000 (big deal) and then the state WAIVED all but about $500. HIPAA provides for no fine, no penalty and no private cause of action. There is no citizen's suit provision, so the only recourse at present is to go through an understaffed/underfunded federal office.
Identity theft damages from inadequate computer security safeguards of insurers, health care providers or hospitals? Forget it.
Al Rodbell (California)
Hen3ry stated: "I've been denied the opportunity to look at my own health care information on HIPAA grounds. It's my health care information and if anyone should be able to look at it I should! "

I have serious doubts whether this denial was based on the law. This article describes many misinterpretations by professionals and patients, and this seems like one.
Eddix (Seattle, WA)
This happened to me as well. Out of frustration I told the nurse that I as the patient in question authorized her to release medical information to myself. She just looked at me confused and finally gave me the information I had requested. True story.
Lori (New York)
HIPAA is one of the scariest words in medical care, and usually it is not even clear (as this article shows) what it means. When it was initiated all levels of health care workers had visions of making an innocent mistake and then spending their lives in federal prison.

Thanks for this article.
E. Nowak (Chicagoland)
Come on. Has anyone been fined, let alone jailed, for a violation of Hipaa?
Christine (Erie)
Thank you for this excellent article. I have seen HIPAA abused routinely. Providers say "HIPAA, you know" and think that ends the conversation. I have seen health care providers refuse patients their own health care information. People, especially patients and caregivers, need to be educated and informed about the law and not be afraid to push back.
Mark (Warren, PA)
It would be nice if the regulations concerning privacy focused on "doing no harm", the central tenet of the Hippocratic oath. When privacy rules get in the way of receiving the best possible care, the law has clearly missed its target.
Anne KW
After having a blood test, I was told by the hospital clerk that they could not send me a copy of the test results of my own routine blood test "because of Hipaa". I had to speak to a nursing supervisor to get the results. Aggravating.
pouncy (nm)
I've been denied access to my own medical records and had HIPAA cited, yet somehow the same medical facility lost my records? Electronic records can't come soon enough. Now I won't go to a provider that doesn't give me my own copy of all paperwork.
sujeod (Mt. Vernon, WA)
As a nurse, I have had to fight this over and over. Yes, it is an excuse by medical offices and staff to not do their work. I was told, in Kansas, that Hipaa did not allow me to see my own chart! Get a grip folks and it is imperative that supervisory staff understand Hipaa and explain it to their staff.
timothycrimmins (New York, NY)
I'd comment but, you know ... Hipaa.
J (US of A)
This just goes to show how the law is not helpful. You have lawyers at firms dedicated to HIPAA and yet you expect a doctor to know every in and out of it?

You think that it's straightforward; just let a family member know what is going on but it is not. You may have a lovely family but we see all sorts of dysfunction; believe it or not Dad may not want the kids to know what's going on cause they are after his money; or that sweet wife may be abusive to the patient and so on and so on.

There are entire industries built up to scare Medical Professionals about HIPAA and the Government never far behind. You don't mention the fines for EACH violation - Tens of Thousands of Dollars!!!

Fear of litigation is part of the culture of medicine in this country and yet no one will deal with it. It is pervasive and intrusive and - rightly or wrongly - affects so much of what we do. Patients suffer the consequences but it's never as straightforward as you might think.

When a patient can't text you their own information because it is a HIPAA violation then you can see how insane it is. As ever the Government is years behind.
Judith Kaplan MD (Seattle, Washington)
Based on years of experience and chart review, I'm convinced that many more people suffer and even die due to lack of medical information that is available somewhere than suffer damage from breach of privacy. I agree with those who have said that the current state of HIPAA interpretation is insane.
The same government policies that have forced medical practices and hospitals to adopt electronic records (before the glitches have been worked out) then require the same providers to spend massive amounts of time and money to try to safeguard the security of the data, while government and corporate computer systems are hacked on a regular basis. Really?
Pessimist (Chicago, IL)
When legislators put such heavy punishments in place for violating this law ($50,000 and 1 year of incarceration) is it any wonder that anyone who isn't an attorney will err very far to the side of caution?
Krista (Atlanta)
It isn't on the side of caution that they err. It is on the side of authoritarianism. Doctors don't really like patient involvement. (Speaking in generalities based on years of experience navigating our medical "system"). They want everyone to shut up and do as they're told. If, because of lack of information, because everyone did shut up, the doctor screws up, s(he) wants to blame HIPAA to absolve him/herself of any liability for the screw up. These same doctors resent every penny they pay in malpractice insurance.

Seems to me they are shirking responsibility every chance they get.
Inchoate But Earnest (Northeast US)
Yes, it IS a wonder, because it evinces a complete ignorance of how laws have been administered/enforced in practice. And the evidence is fairly clear that behaving responsibly and rationally in the absence of responsible/sane interpretation of statutes has been treated respectfully by the law's enforcers. Of course it should be amended, but those who fear absurd penalties have not themselves gotten good counsel about the way the law has been carried out in practice. Not that all attorneys always recommend "first, don't do anything at all", but that general sentiment seems to pervade the realm of HIPAA counsel.
MIMA (heartsny)
While serving as a Parish Nurse for a short time, I found the HIPAA conversation was a very confusing one - especially since the previous Parish Nurse used the HIPAA law for everything under the sun.

Even when I researched over and over the law, how it pertained to usage in a church, and publicized documented HIPAA info, people were skeptical.
No one wants to put out gossipy information or untoward information about another's health condition. And certainly we need to recognize and respect personal information. But when you call a nursing home to see if someone who has been transferred to the hospital has been returned to the home so you can administer communion, and they tell you HIPAA prevents them from telling you if that person is there, I mean, Really?

More training needs to be done regarding HIPAA and the rules need to stop changing - if that indeed is what is causing the confusion. And moreover, folks, get advanced directives in line, because as a nurse speaking here, you yourself can prevent confusion, hard feelings, mistakes, and unnecessary omission of important health care information, as pointed out in the article, by completing this simple task.

We all need to be responsible for the part that HIPAA can play in true protection, but yet not taking it to the ridiculous.
Jan Bone (Palatine IL)
Mima (heartscry), my hospital has a registration form used for admitting patients that asks if the patient wants to list a religious preference and if so, does he or she want the church/temple/synagogue, etc. notified that the patient is in this hospital - or skilled nursing - or wherever... Those who want to fill it out, do. But no one has to.

Also, in the case of serious illness or the patient not being able to answer questions about what he or she wants, IF someone in that family has power of atty for health care decisions, perhaps that person can have extra copies of it and bring one to the hospital if the patient is admitted. In that case, getting info with it, and then making a decision to transmit it --or not --to other family members. The nursing home that cared for my late husband, who died in 1997 of Alzheimer's, sent a copy of not only the power of atty but also of my husband's signed, witnessed do not resuscitate document also with him. Made things a lot easier. They sent a copy of each of these for me also, when I got to the hospital to which he'd been taken. We'd all had family discussions on what to do and how to handle various situations after his admission to the Alzheimer's facility. He died - with ALL of the things he'd wanted being done and nothing he hadn't previously authorized. 19 years later, that is still a great memory.
mobdoc (Albany, NY)
The original intent of the HIPAA law was, as its name implies, the 'portability and accountability' of health insurance. When Ted Kennedy proposed it, his intention was to allow people to move from one job to another without losing their health benefits. This would help those stuck in jobs they hated or were not suited for - if they changed jobs they wouldn't lose their coverage. This aspect of the law has been completely lost and replaced by the utterly ridiculous interpretation of the less important section regarding confidentiality. As a physician, I can agree with the need for confidentiality regarding medical records, but the fact that an article like this has to be written in the first place speaks in favor of the total obfuscation of the reason for the law in the first place.
Libby (US)
HIPAA is also misused by entities to which it doesn't even apply. Even though the law applies only to health care providers, cemeteries and funeral homes refuse to release information from their records about the deceased and public records custodians refuse to allow the public to see the cause of death on death certificates, all citing HIPAA.
Lee (Virginia)
Step son in California recently had emergency spine surgery after a bodysurfing accident. Even though his WIFE was with him IN the hospital and had given permission for the staff to speak with my husband and I about the surgery the staff said they were -forbidden- by HIPAA from speaking about his condition with ANYONE over the phone. Luckily my DIL found one sane nurse and I got enough information to put my husband at ease.
I work in the field of public health and can vouch for the fact that the misinterpretation of this law by many health professionals is madness.
Marcy (Pennsylvania)
My stepfather was taken to the emergency room in FL because he was having trouble breathing. My mother was in the early stages of dementia and was having trouble understanding what was happening, so she called me and handed the phone to the physician in the ER, who filled me in on what they knew at the time. Neither of my stepbrothers lived where they would be able to get to FL quickly and easily, especially on short notice (let alone deal with my mother), so we agreed that I would catch the next flight from NYC with the understanding that I would assess the situation and let them know if they needed to come down.

By the time I got to the airport, my stepfather had been admitted, but the nurse standing next to his bed refused to give me any information about his condition "because of HIPAA," insisting he had no way of knowing I was who I said I was, despite my stepfather affirming in the background that I was his stepdaughter and "For God's sake, tell her!"

I called back and asked to speak to the nursing supervisor, who finally gave me an update: My stepfather had congestive heart failure, but was responding to treatment. That allowed me to let my stepbrothers know that the situation was under control and continue my journey without worrying that I might be "too late."

Oooops! Did I just violate HIPAA by telling you all that?
John Aach (Boston)
HIPAA is a perfect example of how something that may seem like a good idea can become a Frankenstein once it is codified and made into law. I have seen countless cases like those cited in the article and in these comments where, by refusing to give or receive information, medical personnel and institutions have put patients and others into dangerous situations, and then hide behind HIPAA when pressed on the situation. Only a lawyer could be satisfied by calling these "misinterpretations" of HIPAA. Rather, they are often plainly deliberate misuses of the law aimed at avoiding inconvenient discussions, or at shielding institutions and personnel from criticism and liability. HIPAA should be amended to make it clear that, if personal information may require protection, medical institutions and personnel remain morally and legally accountable for any damage they may cause patients and others by inappropriately rejecting or withholding it.
Mom (US)
Our 14 year old was traveling with family friends in North Carolina. One night suddenly he became delirious, unable to walk and high fever. Taken to the emergency room by ambulance. My friend called me, five states away. The emergency room physician and head nurse each refused to speak with me on the phone, citing Hipaa, and saying I should have had the foresight to give a signed letter for permission anticipating something might happen. I was out of my mind with worry that he was dying of meningitis. The person from United Airlines who arranged for a flight in the middle of the night was more helpful. Yes all ended well but it was truly horrible.
Mumtothree (Boston MA)
Maybe they were referring to a letter authorizing one of the family friends to receive information and consent to treatment. There is such a document, called short-term emergency guardianship proxy (in Massachusetts). But as he was a minor and you are his parent, they should have at least spoken to you.
Judi F (Lexington)
For immediate family members or parents who find themselves in this situation, just call the hospital operator and ask to be connected to the hospital ethicist or attorney. This will solve your problem. For all the other "Mom"s out there, you are the child's guardian until the age of 18 and the hospital has the legal obligation to call you for informed consent and permission to do any tests or procedures. If the facts are correct in this case, the hospital did not meet their legal responsibility.
gmurnane (Phoenix, Arizona)
This should never have happened. In an emergency situation, medical providers may speak to whomever they like, if they can make the case that it would contribute to the patient's care. I routinely pick up the phone and call family members in distant states when I suspect that my patient has wandered from home due to his or her illness and family may not know their whereabouts. It's critical for me to have information regarding the patient's history and HIPAA does not prevent me from doing what I need to do to obtain it. As the head of Risk Management at a previous job once said to me: "I would rather see us get in trouble for a HIPAA violation than see us get in trouble because we didn't communicate appropriately with another provider or a family member to ensure the patient's safety."
NB (Toledo)
While it is correct that HIPAA is limited to medical providers, one somewhat surprising result is that employers are included within that group when the patient is covered by a company's self insured health benefits. Suddenly, supervisors in a job setting are worried about HIPAA rules. That type of result is one reason HIPAA is sometimes assumed to have a broader reach than it actually has.
bajacalla (new mexico)
this has been a nightmare for me. earlier this year, I was repeatedly solicited by a mail order pharmacy affiliated with Tricare to begin using them to have my prescriptions filled instead of having to go through all the hoops required to get refills at a military pharmacy. immediately I began having problems when I would get emails telling me that my "prescription had been shipped," but I could get no information as to *which* medication was being referred to. nothing in my account online gave me an answer, so I called the Customer Support line and was told that "HIPAA prevented them" from telling me, the patient, what medication *I* was receiving. cancelled my subscription immediately. I was part of the HIPAA implementation team for my state, yet the representative argued with me that I could not have information about myself. at least the military understood that I am who I am.
EAL (Fayetteville, NC)
I had exactly the same problem. They wouldn't tell me what I was receiving, I got 6 months' worth of meds in two months, and I started to worry about the idea of meds sitting in my mailbox during the heat we have here in July and August (that part may not have been a legitimate worry, but still... ) I hated that company. I used it for about six months, and then I needed a change in dosage, and it was another nightmare to get it changed. I cancelled it. I don't care how much cheaper Tricare makes it to use the mail-order service; I'll pay to get my scripts filled at my local pharmacy.
Jan Bone (Palatine IL)
My new mail-order RX supplier tells me in e-mails that I CAN have refills shipped if Rx'd by the doctor who ordered the particular medication. However, if I want to know WHAT medication(s) are eligible & other info, such as when they'd be shipped, I need to set up an online account with them using passwords and presenting additional info such as date of birth and other info -- OR can call the drug provider and ID myself satisfactorily by answering about 4 or 5 specific questions. THEN I can learn what meds could be refilled and can yes or no each of them. I also was sent Jan. 1 2015 a booklet from the mail-order company outlining how to do the web info, whom to call, and a long list of drugs categorized by tiers (higher-numbered tiers are higher in price) AND with that was able to ask my individual doctors what drugs they thought I might need if my condition worsened during 2015, how the drugs might be higher priced if they were higher-tiered, and whether or not there were effective substitutes in lower tiers that would probably be cheaper. One of my knowledgeable sons flew in during the enrollment period, went through the company's booklet, talked to five of my doctors, and helped me choose a good plan to help take care of future needs. I have Parkinson's that is getting worse. I was very grateful for his help and involvement.
J (USA)
HIPAA has gotten to the point that virtually every medical provider I see, be it in large university hospital setting, a smaller partnership, or even (the now rare) sole practitioner, uses one boilerplate legal form (providing, for example, that medical students be allowed to watch, access patient records and participate in care, even when the practitioner will never SEE a medical student) that even I, as a lawyer, have trouble deciphering. I assume some lawyer(s) somewhere at some time drafted and "passed" on this legal boilerplate. But, I would love to have the backing and resources to challenge the language in court. As I read these HIPAA policies, my providers may share my medical information with anyone THEY want to but not, necessarily (unless I put it in writing), with the people I want them to.
Sasha Shapiro (Pittsburgh, PA)
HIPAA is an acronym for Health Insurance Portability and Accountability Act. It should be written in all caps.
Michael Mason
Oddly, several commenters have inquired about this. According to The Times's stylebook, acronyms longer than four letters are upper/lower case. N.A.S.A., and Darpa.
Ellen Acconcia (Chantilly, VA)
Thanks for clarifying that, I never knew this!
Mike (Boise)
This "style" is misguided. It misinforms readers who are unfamiliar with the "style" by presenting the acronym as a proper noun. This could easily be construed as the actual name of the law. By doing this you take away the agency of the reader. When the acronym is all caps there is no confusion that it is a stand-in for the full name. This NY Times policy dumbs down their readers. Beware...
Jack (NY, NY)
If you're in the healthcare industry and don't want to do something, it's usually possible to "find" a government regulation that you can cite that relieves you of having to do whatever it is that you do not want to do. And so it is with HIPAA. On the day in 1994 when President Clinton signed the privacy portion of the law into effect, someone informed the President that a nurse or office attendant who announces a patient's name in a waiting room would be in violation of HIPAA. The President had to issue his first exemption to the law to permit this; otherwise patients would need to "take a number" and wait to be called.
carol goldstein (new york)
I have been in doctors' offices where you indeed are issued a number. Many where they call you in by first name. In NYC it is just silly. In small town Ohio it is hilarious because there is usually someone else there who knows exactly who you are anyway. But to the extent that fewer conversations about patients' conditions happened in elevators or corridors it has been useful. Of course that should have been the case without a law.
Madeline Conant (Midwest)
It is true that HIPAA is probably the most wildly misinterpreted law in the history of laws. This article demonstrates some of the ways in which it is inappropriately invoked.

For some reason this legislation is hard for many people to conceptualize, and their common sense and reason flies out the window. However, I have run into many treatment professionals who DO seem to get it. It does have an important purpose in protecting the privacy of people's medical information from inappropriate disclosure.
Joseph Huben (Upstate NY)
Does HIPAA protect women's privacy? If so, how are prescriptions and procedures the business of the state? Is the Federal HIPAA law secondary to state laws? If the difficulty we experience obtaining information about family and friends does not protect patients from the religious agenda of state government (where the establishment clause of the First Amendment is not enforced) what protection is there? The government may be the insurer of some women, but does the state have the right to do anything other than pay for the prescriptions and procedures, and regulate the effectiveness of each, rather than deprive women who receive Medicaid when other women are not deprived? Are women who are entitled to Medicaid being deliberately harmed when their HIPAA rights are violated in this context?
Richard Simnett (NJ)
If you are on Medicaid the state or its agency is the insurance company. They can choose what to pay for, and they have to know what they are being asked to pay for. The insurance company knows ALL.
Sarah (MA)
It's "HIPAA" not "Hipaa".

There is so much concern around breaches, and the guidance around the regulations is so overwrought that we've gone above and beyond common sense applicability in many cases.
Bob (NYC)
Interesting piece - one formatting question: why is HIPAA not fully capitalized, rather than spelled Hipaa? It's an acronym, after all. The NYT doesn't refer to NASA as Nasa, or OPEC as Opec, as far as I know...
E. Nowak (Chicagoland)
When people started saying "Hippa" instead of "H-I-P-A-A" the status of Hipaa moved from an acronym to that of proper noun.

Same thing can be said for Scuba and Nafta.
Upstater (Binghamton NY)
It's a style thing, as in NYT Style Book. UK English often does the same thing for acronyms longer than four letters.
Marina (Southern California)
Though I question whether it's valuable to debate this style question in these comments (when there are so many more important aspects to the topic under discussion), here's the answer from copy desk editor Q and A in 2008:

Q. Would you please explain why The New York Times is referring to the Health Insurance Portability and Accountability Act as Hipaa rather than HIPAA?

— Nancy McCall, Baltimore

A. Oh boy, an easy one to start!

In publications governed by the Associated Press stylebook, the acronym for Health Insurance Portability and Accountability Act would indeed be rendered as HIPAA.

But we are governed by the New York Times Manual of Style and Usage, which calls for any acronym of more than four letters to be rendered with only the first letter capitalized, thus Hipaa. One reason, as you can see, is that an all-capitalized acronym calls attention to itself, possibly distracting a reader. (And let's not confuse an acronym with an initialism, like F.B.I. Both are formed from the first letter in each word, but in an initialism the letters are pronounced individually. Note that The Times, again in a departure from Associated Press style, uses periods in initialisms.)
http://www.nytimes.com/2008/03/24/business/media/24asktheeditors.html?pa...
Concerned Citizen (Anywheresville)
It IS a "gotcha consideration" as referred to here, and funny, it's JUST LIKE "Homeland Security". It can apply to anything the user wishes, to get out of doing something or to snark on another person (like the stranger who told Mrs. Gross she could not discuss HER OWN DYING HUSBAND in a public place).

I have noted how often businesses have used "Homeland Security" for any dumb thing they don't want to do, and with hospitals or doctors, everything is "HIPAA". They don't care about the law and they don't care about privacy, but they sure like the "nyah nyah nyah" aspect of refusing to help people.
Tony P (La, CA)
And due to lobbying efforts by non-profit health care centers, like St. Jude Medical Center in Fullerton, affiliated foundations to these Medical Centers can access BOTH patients' demographic and health information to fund raise... We were wondering why all of a sudden my 90 year old mother-in-law after seeing her orthopedic surgeon received a letter to give money$$ to the St. Jude Memorial Foundation...

Think of all the vulnerable seniors that can't find the small small box to unsubscribe themselves from these mailings... They don't know to do this, probably send them $25 and believe me, the $25 adds up...

Really unconscionable behavior, someone in Congress should work to overturn this Omnibus rule! HIPAA's really a farce!
E. Nowak (Chicagoland)
The fact that these so-called "non-profits" hospitals, which make huge profits and pay out huge salaries for the administrators at the top, and pay zippo in taxes and collect mucho bucks from Medicare and Medicaid, is one of the great scams of our generation.
Jan Bone (Palatine IL)
Tony, I don't mind getting the fund-raising appeals, especially if they come with a page or two of free address labels. I only give to those I really care about - and usually I can't afford to do very many of them. However, the address labels are useful for sticking on various monthly payment envelopes, and maybe they will inspire someone to give to that particular organization. On the other hand, I'm still using up labels and 12-month calendars I received last year...at the time I got them, I was still teaching - now retired - and set aside one calendar for each of the different classes I was teaching. I put in the lesson plans and the exam dates in each, kept a list of whether a particular section of English 2 went with the Audubon calendar or the ocean calendar, and found my teaching responsibilities were easier when I focused on each set of appropriate dates - organized by class section. I also use some of the extra labels on my cane and walker to ensure they are appropriately marked (especially if I'm flying). Easy way to know your baggage.

I try to start with giving to my church - not as much as I wish I could, but I know they handle donations. Then I tend to give to organizations fighting hunger, Jan Bone
Shirley (Bloomington, IL)
It also becomes a big problem when the institutions evoke HIPAA in settling medical bills. I had a year-long interaction with one of the hospitals in my mother's county when they billed her for services provided to another woman with the same name who lived in the same small community. My mother was institutionalized with dementia and was unable to participate personally in the phone discussions with the hospital. I manage my mother's financial and medical affairs under the proper authorizations but the hospital insisted on having her sign their specific authorization (which she had, but more than a year earlier so the hospital wouldn't accept it any longer). It took me almost a year to find someone who could resolve the issue in the hospital because, if I was right, they couldn't give me information on the reason for the hospital stay, ambulance and care. If it was for my mother, they claimed that she hadn't provided the right authorization.

Medicare did give me some information on the claims because, of course, Medicare was the primary payer and had already paid out on the claims but the billing still needed to be corrected by the hospital. It occurred to me that hiding behind HIPAA could make it easier to defraud Medicare and insurers because caregivers of mentally disabled patients may not be able to audit the services being billed for.
Nathan (Pennsylvania)
I serve as a compliance officer for my healthcare agency, and in my opinion "HIPAA" and "HiTECH" are subfactors in the rise of the cost of healthcare. Search "HIPAA COMPLIANT Software" and you'll find plenty of vendors willing to take advantage of the confusing nature of the law to jack up the price of their simple computer system by saying that they are certified, even though HHS offers no such certifications. The nature of the law could be condensed: information should be handled in an auditable fashion, transmitted data encrypted with unique logins required, and only accessed by authorized individuals. Instead we pay the price because, as cited in the articles, many people don't understand the law and subscribed to these expensive solutions. (And I'm not even going into the misguided and ineffective nature of Business Associate Agreements, Risk assessments, or any other number of factors that don't actually protect patient privacy as evidenced by the recent hacks at insurers or the OPM)
G.D. Wolkovic (New York, NY)
So, can anyone explain -- what is the intended benefit of HIPAA ? And does it achieve that benefit?
Nat (NYC)
For starters, so your employer can't demand information from your psychiatrist.
DW (Philly)
For another, it put an end to the bad old days where men could control their wives and daughters by having them committed, then collude with the doctor or institution to keep them there "for their own good," i.e. out of the way or disempowered. Likewise it gives parents less control over adult children whose behavior they don't like, by shutting them out of situations that aren't any of their business. It's just unfortunate that when interpreted too expansively, the law also makes things more difficult for loving and supportive families.
ahb (Maryland)
How strange to not introduce what "HIPAA" means. The phrase "Health Insurance Portability and Accountability Act" is used once, but not equated with the acronym, which should have been written the way I did. But HIPAA has had a strange effect on institutions and individual behavior, perhaps because of the way it was introduced in terms of legal penalties.
carol goldstein (new york)
@ G.D. Wolkovic
The intended benefit was simple and reasonable. Patients - not their health care providers - were to have default control over who learned about their health conditions. It has largely achieved that benefit but has also been misunderstood and misapplied. One big problem is that it is like any other "opt in" rather than "opt out" structure; the opting doesn't happen for a lot of folks until there is a crisis.

When my mother's CCRC was adapting to HIPAA she was presented with a form asking with whom she would allow her health status information to be shared. (They already had a copy of her health care POA.) We came up with a list of about 30 people including my cousins and their spouses, her living cousins, some very good friends, and immediate family of course including the then-minor granddaughters. But I would bet that less than half of her neighbors even dealt with the form. On the other hand, I made copies and we gave one to her internist and another to the second cousin who worked in the outpatient department at the local hospital. (Small towns can be wonderful in some ways.)
AP (MA)
Thank you! "Hipaa" is not a word. HIPAA is an abbreviation for the Health Insurance Portability and Accountability Act.
WME (FL)
How did health care, or patient satisfaction with health care for that matter, improve with or as a result of HIPAA? It cast too wide a web, damaged provider-to-family communication and increased costs to implement. It threatened severe penalties for violation to everyone involved in the provision of healthcare, most of whom do not understand what the law mandates and therefore err on the side of providing no information at all. A horrible waste of time and money for all involved as currently structured. Another example of Philip Howard's "Rule of Nobody"!
Both Sides (35801)
As a sole provider have you ever gotten a letter making a formal complaint? This law is the equivalent of the John doe warrants. You have no rights until you can prove you are not guilty.
Smith (NJ)
Eight years ago, our son experienced a mental health breakdown 2,000 miles away at his university. We could not get any information from the university, dorm supervisor, or health system. They also refused to assist him with getting the care he needed, citing HIPAA every step of the way. After 24 hours of that I got on a plane and went to "rescue" him. They wouldn't let me into the dorm; I had to call him repeatedly, begging him to come out. Due to the complete lack of support we withdrew him from the school, which was humiliating for him and a financial disaster for us. We could not believe how ignorant the staff was on every front. A person in that condition is not able to seek the care needed. It has, sadly, happened again since we brought him home. I would so very much like to sue the school.
Meanwhile, as we shepherded one elderly parent to appointment after appointment, Drs. and other staff effusively discussed care with us, the juniors, to the point of ignoring the elder entirely.
DM (Brooklyn)
This should be a reminder to all: when your son or daughter is about to leave for college, ask them if they are willing to sign a form giving parents access to any medical information. It is not "all or nothing": The form has a long checklist of categories of info that the patient does not wish to be shared.

I told my son that we respected his privacy, and would never go poking around, but that if he were sick and needed us to advocate for him, we would not be able to do so otherwise. He thanked us.

Smith: My condolences about the initial situation and the recurrence. I hope you can somehow get the resources your son needs. Good luck.
Stephen (Carson City)
Thanks for the helpful information. I appreciate it both as a healthcare consumer with family members receiving various treatments as well as being a mental health provider and working with these issues in various situations.
SMG (Sausalito, CA)
Indeed a misused and not always rational law. I am a physician. Because of HIPPA my answering service is no longer permitted to text me the name of a patient who is trying to contact me. The rationale is that a nefarious stranger will be looking over my shoulder and illegally acquire the name, even if no medical information is included.
samuelclemons (New York)
A doctor who cares about his patient; sir, are you accepting new patients? I thought it was the hyppocritic oath in our for profit Romney-care system.
Libby (US)
Whoever told you that is incompetent, and if you persist in this behavior, some patient in dire need will eventually sue you for malpractice.
ACW (Hawaii)
try HIPAA
Jon Webb (Pittsburgh, PA)
What would be really helpful is a guide on what to do when you encounter a block like this. Say, you are inquiring on behalf of a religious organization on the health status of a member to share with their concerned friends, and you get, "Sorry, because of Hipaa, we can't tell you anything." What can you do?
Jonathan (NYC)
Sue them for $54 million under civil RICO?
Susan Feinstein (NJ)
The health care provider would be correct in this instance. Only two things you can do: Ask the patient's family member, or get a Hipaa authorization from the patient if possible.
CL (Boulder, CO)
People may be using HIPAA inappropriately, but why would friends or organizations have, as a default, access to private medical information unless the patient has specifically authorized the release of such information?
AL (NYC)
My child attends a public school in NYC. She has asthma, and so I filled out the 'medication administration form'. I was surprised a few months later to learn that unbeknownst to me, my daughter's school (and other DoE folks who had never met my daughter) had called her doctors for consults without even letting me know. I asked if this was a violation of HIPAA, and they said that I signed away HIPAA by filling out the form. But it's a catch-22 -- without medications, she can't go to school.

Does having a chronic condition like asthma, allergies, or diabetes mean that public school children have no medical privacy?
Susan Feinstein (NJ)
Schools and school districts are not "covered entities," meaning they are not bound by Hipaa. The article correctly lists the covered entities.
Ziyal (USA)
Susan, the schools aren't covered entities, but the doctors whom they contacted for information certainly are.
ruby (usa)
I work in a school. At least in my state, your school was wrong. They didn't have a right to call her doctors, nor should the doctors have told the school any information. The medication administration form you filled out - correct me if I'm wrong - was simply to authorize the nurse to give your child asthma meds.

You can't 'sign away HIPAA' by authorizing the nurse to give your kid her meds. I mean, unless the form specifically says that, which I doubt. The school was just saying that to you to cover their tracks.

Here's what I suggest to solve the problem: tell your own doctors that they are not to divulge any information to anyone else except you, x or y, and under NO condition are they to divulge information to the school or DOE. Put this in writing. Your own doctors are much more likely to listen to you, the paying parent, than the school.
samuelclemons (New York)
One company in particular, Emblem Health, hires people for customer service positions that repeatedly won't allow me to inquire about a bill for my wife or vice versa when she's on my plan. And the hilarious part is that their managers are even more dolt-like in their interpretation of HIPAA. The North Carolina call center needs reprogramming and no I won't take a survey.
fcg (boca raton)
One of the most important aspects of privacy and HIPAA in particular is individual privacy. You should not expect to receive information about a spouse without an authorization.
samuelclemons (New York)
that's absurd and they're only concerned with liability lawsuits; I never agreed with Reagan dead or alive but based on this law I see what lipotarians (no pun) and notverysmart conservatives mean when they quote the b actor's scariest words quotation; this is bad law masquerading as prophylaxis.
sbmd (florida)
"the law does not prohibit health care providers from sharing information with family, friends or caregivers unless the patient specifically objects."

Completely wrong! You have to be HIPAA approved to receive information about a patient from a health care provider! The instances where a provider can use "professional judgement" are highly restricted and the smart health care provider had better have a good reason why it is in the patient's interest to do so. The patient has to list who can receive health care information and can additionally, specifically indicate who cannot, but if your name is not on the list you cannot receive information.
Miriam Maher MD (NJ)
To the Author: Please reply to this comment. As a physician who has tried to understand and implement HIPAA, I also thought this statement in the article was exactly wrong. Also, I have found it extremely difficult to obtain medical information about a patient from another provider, hospital or facility without faxing written consent. Is it correct that facilities and offices can insist on this before information is sent to a doctor caring for the patient?
CL (Boulder, CO)
sbmd is right. The patient must specifically authorize access. It makes sense. Why would friends have access to private medical information? How would caregivers even be able to determine whether someone is a friend?
Abby (Pleasant Hill, CA)
I am a lawyer who works on a lot of HIPAA issues for my employer. How are you requesting the information? Is it clear that you are treating the patient? Don't your patients sign a release with their intake forms authorizing you to obtain their private health information for purposes of treatment?
Tom (NYC)
In my experience with two older parents and an older father-in-law in major medical centers in Burlington, Vermont, and Manhattan, NYC, there was a lack of training in the appropriate use of HIPAA law, a general disinclination on the part of providers at every level to share information, and a fear of legal and employment consequences if information was shared. It's as if the hospital lawyers are always hovering in the background, worried about malpractice lawsuits. Also, health care providers in general, particularly nurses, can be divided into two classes: those who want tight control over the patient and their health care information (because they think it makes their job easier) and those who want to help the patient maintain their independence.
Charlie (NJ)
We have a law which shouldn't be complicated to understand but regrettably, like most laws, has been authored in ways that are complicated to understand and engender fear of violation of the law. So now the solution proposed is to write a clarifying law that will somehow list what is appropriate to disclose. Both are good examples of government overreach. The final statement from Mr. Carlson says it all - HIPAA is more common sense than people give it credit for.
Jonathan (NYC)
Why not just write 10,000 pages of regulations, and require that all medical personnel, and billing clerks, and call-center reps, take a two-year course to learn the rules?

That should do it....
Richard Simnett (NJ)
Medicaid regulations are 16000 pages. A mistake is punishable.
Cheryl
[Stupid, stupid, stupid] Let's hope the legislation gets passed.

Institutions train people poorly and often leave low level employees to enforce the non-existent provisions. I think they want it that way - hospitals and nursing homes, not necessarily the doctors, that is. They ignore releases and permissions, and even health care proxy forms. They delay copying records. They resist sharing medical notes with appointed relatives/proxies who must make decisions and as noted some of them even refuse to accept information. It all contributes to poor treatment - and should change.
Lori (New York)
I recently had surgery at a top NYC hospital. The surgery was almost delayed because a low-level employee insisted I put my personal belongings in a hospital vault. She told me to list the credit card I had with me, itemize the full contents of my purse, etc. This was in pre-op a few minutes before the surgery. (PS this was legit, not a scam). I just said "No" but the nurse took my cards and did it "for me." The charge nurse was a temp so she didn't know what to do either. Then on discharge it took 2-3 hours to get my effects from the vault. I think the lower level employee had been accused of theft and was really scared she'd get in trouble and lose her job and refused to listen to me at all.

Later that day, a nurse saw a few pills I had with me from my personal physician (complicated story) and he threatened to take it away and lock it in the vault too. I had no intention of taking the meds (although BTW, the nurses were hours late in distributing the hospital version) and told him that, but he said "I can lose my job if they find I let you keep them."

This is how health care people think "I have to save my job" or "If I do what you want I will lose my job."

So the patient needs and any degree of flexibility is gone.
Ziyal (USA)
What's sad is that it shouldn't require more legislation for institutions to figure out that they need to train people properly!
Krista (Atlanta)
I recall reading about a woman whose father was receiving hospice care. He had a DNR in his file yet when the hospice nurse arrived to find him dying of a self-administered overdose of pain meds, she not only illegally resuscitated him, she reported his daughter for helping him fulfill his wish to die at home. She went to prison (the daughter, not the nurse who disregarded the DNR) and her father died in a hospital on life support, completely against his wishes.

I'm beginning to think medical people are just mean.