How HIPAA harms patients

December 4, 2006

Stories of how strict following of HIPAA regulations interferes with patient care:

Although it started as a good idea, HIPAA has gotten out of control. A nursing student was reprimanded for violating the privacy act after she was seen reviewing her very own medical record. A health department representative refused to disclose to a newspaper the number of influenza cases in the county, incorrectly citing that it would be a HIPAA violation.

When the paramedics have completed care and transport of an extremely sick patient, they often want to know the outcome. They want to know if they did everything correctly. Hospitals and EMS agencies have procedures in place that allow this information to be passed in compliance with HIPAA. According to the act’s regulations, “sharing information for treatment or health care operations is not a violation of HIPAA.” Yet, often I am prevented from getting this information by staff members who are misinformed about the privacy act, and fear for their jobs if they should release the information.



Related posts:

  1. HIPAA as a means to profit?
  2. HIPAA is impeding research this time
  3. Patient blogs: A HIPAA nightmare?
  4. James Kim and privacy rules: Can HIPAA also lead to needless deaths?
  5. HIPAA madness
  6. More Virginia Tech and HIPAA
  7. HIPAA overcompliance


KevinMD.com on Facebook


  Follow on Twitter   Subscribe



Tagged as: hospital, media, patient

{ 11 comments }

1 Jon Mikel December 4, 2006 at 4:39 pm

On the other hand:

How you can harm patients if you do not follow HIPAA rules

2 Anonymous December 4, 2006 at 6:00 pm

I don’t see from the examples listed how HIPAA harms patients. How does it harm the nursing student to have to fill out a form to get a copy of her/his records like everyone else has to do? When I worked for a hospital this was made crystal clear to all of the students and employees. You have to go through the proper channels because medical records can be altered. What happens if she has decided she wants to sue? That’s why she needs a COPY of the record and not access to the actual record.

As for the other example, if medical staff who are no longer caring for the patient have an interest in finding out what happened then ask the patient or the family. I don’t see how satisfying the curiousity of staff is beneficial to the patient. There are certainly problems with HIPAA, but the examples provided make for a very poor argument.

3 Anonymous December 4, 2006 at 6:29 pm

I think you’re missing the point, anonymous. The issue is that some people, and some hospitals, are interpreting HIPAA extremely narrowly. Hence they won’t share records without forcing you to jump through all kinds of unnecessary hoops. This isn’t what the law intended, but some people are very frightened about penalties and so forth, so they are applying HIPAA very rigidly across the board.

4 Anonymous December 4, 2006 at 8:12 pm

No, I do understand the point. I fully understand and have had to deal with the headaches of HIPAA. I understand that hospitals interpret it differently. As an employee of the hospital it was my responsibility to understand the policies of that hospital. Sounds like the hospital needs to do a little more educating of its staff. I understood and in fact signed a form stating that I understood that if I viewed my own medical record without going through the proper channels that I could be in trouble. I find it ridiculous to conclude that “HIPAA harms patients” because a nursing student has to, cry me a river, get her records from the medical records office. Tell me how this patient is harmed? Inconvenience? Surely, there are better examples to bolster this argument?

5 Anonymous December 5, 2006 at 7:24 am

Are there any actual penalties for HIPAA violations? HIPAA won’t act for any violations after a relatively short period of time (that is, if they acknowledge a complaint at all). Address a complaint to the hospital or clinic and you’re likely to get a “we did nothing wrong” letter from the Risk Managemetn JD plus a termination letter if a provider is involved.
There is fine print in the patient HIPAA brochure that says you will not be “penalized” for filing a complaint. I’ve heard Risk Managers actually debate what does and does not constitute a “penalty”.

6 Anonymous December 5, 2006 at 4:09 pm

Following up on a patient when you are no longer caring for them allows you to evaluate your care. For example, I do phone triage in a large clinic. I oftentimes look at the EMR and compare the assessment with what the patient/parent told me on the phone. Over the years, this has helped me to get a feel for what is pertinent and what is not; it’s all a part of the learning process. It also gives me an idea of the patients who tend to exaggerate.

If we compartmentalize and only look at the narrow part of the picture, that which we are involved in, it makes it more difficult to learn from our successes and failures, since we may not know what they are.

7 Anonymous December 6, 2006 at 11:43 am

HIPAA is the devil.

8 Anonymous December 8, 2006 at 7:26 pm

Anon 4:09 I have no problem with you following up to increase your learning. But what’s wrong with asking the patient’s permission before you do that?

9 Deoxy January 4, 2007 at 5:37 pm

HIPAA: proving once again that the opposite of “progress” is “CONGRESS”.

HIPAA is a solution is search of a problem. That’s what you get when Congressmen gt spoints in th media for “solutions” instead of good results.

Let us assume, for the sake of argument, that thre wer actual issues solved by HIPAA. How many?

To solve theses rare problems, we (as a society) have spent unbelievable resources: time and money that could have gone to ALL KINDS of things… things that might actually have been useful instead.

10 mike July 6, 2007 at 12:41 pm

Hey I really think that HIPAA rules and regulation had made a significant impact on healthcare organization, physician and practitioners and other entities who do falls under HIPAA compliance in keeping the patient overall health information secret and not disclosing it even at any point. More information on HIPAA rules and regulation can also be found at http://www.compliancehome.com/resources/HIPAA/

11 HIPAA compliance advisor September 12, 2007 at 4:06 am

If one needs to have a deep understanding of HIPAA and more information on HIPAA training and also HIPAA template suite along with enterprise contingency plan template suite which any organization, small or big, can use to meet their compliance requirements of Sarbanes Oxley (SOX), FISMA, ISO 17799 or any other regulation/standards requiring business impact analysis, risk assessment, disaster recovery planning (DRP), business continuity plan (BCP) and Testing & Revision of Plan, they can discover it at training-hipaa.net website by following the links given below

HIPAA Privacy and Security Certification Training
http://www.training-hipaa.net/certification_training/com_privacy_security.htm
Enterprise Contingency Plan Template Suite
http://www.training-hipaa.net/template_suite/enterprise_contingency_plan_template_suite.htm

Comments on this entry are closed.

Previous post: A reader is pissed about the growing cosmetic medicine trend

Next post: A surgeon operates on the wrong patient

Site Meter