Fearing HIPAA: My patients are getting worse care

Dear HIPAA:

I’m sure you get a lot of hate mail, especially from folks in my profession, so when you got this letter from me you probably assumed it was more of the same.  Let me reassure you: I am not one of those docs.  I do think patient privacy is important, and actually found you quite useful when facing unwanted probing questions from family members.  I believe the only way for patients to really open up to docs like me is to have a culture of respect for privacy, and you are a large part of that trust I can enjoy.  Yeah, there was trust before you were around, but that was before the internet, and before people used words like “social media,” and “data mining.”

But there have been things done in your name that I’ve recently come in contact with that make me conclude that either A: you are very much misunderstood, or B: you have a really dark side.

The first situation has to do with my newfound infatuation with communication in health care.  I believe that the tools afforded by the Internet tubes could really change care for the better; in fact, I think they could allow systems of care that could totally disrupt our malignant sick-care, cash-care system.  I’ve found ways to communicate that you would approve of and have shared them with my patients.  They love it.  They love to connect with me while they have problems instead of paying for a visit and waiting in the office for a few hours for my help.  It’s been really fun to see their enthusiasm.

So what’s the problem?  It’s the doctors.  Even though this communication system would allow them to give better care, allow us to collaborate without hassle, and bring back some of that “doctor’s dining room” collegiality we’ve lost, these doctors are afraid to use it.  No, they are terrified.  Asking them for their email address is taken to be as brash as asking for their credit card number or their wife’s cell phone number.

I can see it on their faces: they picture headlines about doctors being sued millions for stolen laptops with patient files on them.  They hear the ravings at conference warning against the use of email for patient communication and the perils of using social media.  They see me as a temptress trying to lure them into the dangerous online neighborhood, full of federal agents waiting to pounce, lawyers eager to sue, and journalists anxious to put their photo on the front page of the paper.  Well, maybe the electronic version of the paper, but I was using a figure of speech.  Nobody reads the paper version any more.

The point is, my patients are getting worse care because of this fear.  I can’t send a message to consultants explaining why I am sending them the patient, so they make a guess and order extra tests.  I can’t put my thoughts together with a colleague on a mutual patient with a difficult problem.  All I get are forms to be filled out and faxed (although who knows where that fax as been?) and faxed notes with bits of information hidden under layer upon layer of E/M coding bubble-wrap.  It’s worthless.  It’s not communication at all, and it hurts my patients.

The second circumstance is more personal.  When I left my practice last fall, I left behind 18 years worth of patient records.  Those are records documenting my decisions, my though processes, and my care of my patients.  Sure, they weren’t the prettiest notes around, but they represented a lot of thought and care.  As I was heading out on my last day at the practice I was notified that, upon leaving, I would not have access to these records.  It seems that, despite the fact that these are records I personally wrote about my own interaction with my patients, I would be violating you if I looked at them.  This information is the property of the practice, and allowing someone who was no longer a member of that practice to view them would bring down swat teams of federal agents within seconds.  This, at least, was the opinion of the practice’s legal counsel.

Having just gone through a divorce, I had no desire to argue with my ex’s lawyer, so I took it like a soldier.  I figured I’d just get information sent to me when I needed it.  In fact, I came upon another very secure solution to make this process easy and efficient.  But alas, the ex wanted nothing to do with my newfangled way of doing things, instead resorting to the high-risk behavior of faxing records (who knows where those fax machines have been?).  As fate would have it, our faxes didn’t get along well, causing them to inundate me with duplicate faxes, a veritable torrent of TIFFs, a plethora of PDFs.  This has made it next to impossible to get records on my patients, making care of them much, much harder.  These are not just any records, they are my records of my care for my patients! 

Say it ain’t so, HIPAA!

Do you really keep doctors from their records?  Do you really keep patients from good care?  Or is this simply a culture of paranoia that has propagated on ignorant doctors by fear-mongering lawyers, lecturers, and office administrators happy for the chance to intimidate the consummate intimidators?  Yes, flaunting medical records to anyone who throws you beads is a bad practice that will lead to regret in the morning, but preventing communication kills.  I thought better of you.  I thought you were there to protect people from careless talk, from snooping employers, and from front-office gossips.

So, I ask, is it you or is it those who wish to slander your name?  Are you a tool to protect, or are you a gag in the mouth of good care?

I anxiously await your reply.

Dr. Rob

Rob Lamberts is an internal medicine-pediatrics physician who blogs at More Musings (of a Distractible Kind).

email

Comments are moderated before they are published. Please read the comment policy.

  • Guest

    “They hear the ravings at conference warning against the use of email for patient communication…”

    As the ACLU and others have recently reported, the IRS and other government organizations can and will paw through citizens’ email troves without bothering to get a warrant.

    Being that the IRS and other federal government agencies which are allegedly non-partisan and supposedly would never ever ever misuse the information they’re granted access to, have not really covered themselves in glory lately, unless my correspondents are happy to use encryption systems such as PGP, electronic communication containing any of my personal details is out of the question. Just as in the bad old days of GOP administrations, the government is again using a federal agency to target its “political enemies” using any sensitive data it can find and warehouse. Count me out of gifting them any more ammunition against any US citizen than they already have.

    *sources: google
    cnet+aclu+irs+Americans+enjoy+generally+no+privacy+in+their+e-mail+messages
    and
    ACLU+Reading+Emails+Without+Warrant+Likely+Extends+Beyond+IRS

    • bill10526

      Senator Kennedy is already dead, so hanging him in a public square is impractical. But HIPAA is, with ADA, horrible law.

      But please ease up on the conspiracy theories against the IRS. It was the IG and not the IRS workers who erred. There is nothing wrong with organizing work to ensure consistent treatment and to ease responding to the steady stream of letters from the congress. The IG had no document or testimony to support his accusation that the IRS targeted anybody. Our President erred terrifically, as he often does, with respect to law, in filling in a scenario that he could rail against.

  • LeoHolmMD

    HIPAA has almost nothing to do with protecting patients or facilitating patient care. HHS, the insurance industry, large hospital systems and employers are having a hay day with all the data mining that is now allowed under HIPAA. This law is designed to reinforce corporate power at the expense of patient care. The Pentagon can’t even protect its sensitive information. Do you really think your sensitive health information has a chance…on our backwards, work in progress, Pac Man like EMRs? Good shot, Dr. Rob.

  • Gregory Dursteler

    I think it would be interesting to contrast how the U.S. handles patient privacy vs. other countries. Perhaps there is a legal framework abroad that would be better than the one we currently tolerate here.

  • Carol Wright

    From a patient’s family member point of view..and long experience hanging around a nursing home…”liability phobia” I’d say is a number one cause of neglect and poor care. Missed signals. For instance, I was stopped from trimming my mother’s fingernails, which were grossly long, as were most patients. Mom was slicing herself badly. She was now covered in pads. “The nurse has to do it.” WELL?? They then do NOT do it. AND they could not trim toenails. A podiatrist has to cut toenails. WELL, where is that nurse…and where is the podiatrist. Finally, I guess the doctor had to be notified to have the podiatrist come in to trim mom’s claws. I happened to be there.

    “Could you trim Mom’s fingernails?”

    “My license does not allow it. I’d lose my license.” Two minutes, and forty dollars richer, he left. Mom sitting there with her sliced arms and legs and long fingernails.

  • SBornfeld

    I hope some astute legal minds will comment. I understand the paranoia, but I suspect many of these concerns are overblown.
    Sale of a practice (for example) was covered in the risk-management course we must periodically take in our state. Most of these rules pre-date HIPAA, and concern paper records. Most of them are common sense. Provisions were made (for example) for giving the patient constructive notice of the change in ownership, and opportunity to copy and/or have records transferred on request.

    If I receive written order (from an attorney, for example), with a properly-executed release, I transfer records. (No, not by e-mail).
    I have not heard of a single case of a doctor being prosecuted because he/she picked up the phone and communicated with another specialist in whose care the doctor shared.
    The law IS complex and daunting–I suspect many of these organizations that will make you “HIPAA compliant” exploit the hysteria.
    Reminds me of what it was like when OSHA first came in–we were all going to federal prison if we didn’t have good enough eye-wash stations in every room. I think all those doctors are just sittin’ there on the “group ‘W’ bench”.
    This doesn’t mean I don’t take privacy and electronic communications seriously. I just think it’s hard to believe the hysteria isn’t way overblown.

  • PJ Dew

    You can share medical information to other healthcare individuals if they are a consulting doctor/ER/etc. Whenver I send a patient ot the hospital, we fax all of their history, labs, etc., as well as call with a report. That is allowed b/c they are a consulting facility. People really don’t understand all the rules of Hippa, which is what causes most of the problem. In order for it to apply, it has to be an INTENTIONAL disclosure of private information, not a stolen laptop.