Does HIPAA really protect our privacy?

As my head reels at the implications of the IRS scandal mushrooming in Washington, the IRS’s recently disclosed ability to access emails without warrant, the intricacy of the NSA PRISM wiretap techiques that includes their ability to acquire tech firms’ digital data, and even the Justice Department’s ability to secretly acquire telephone toll records from the Associated Press, I wonder (as a doctor) what all this means for the privacy protections afforded by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in our new era of mandated electronic medical records.  Are such privacy protections credible at all?

It doesn’t seem so.

Now it seems everyone’s health data is just as vulnerable to federal review as their Google search data.  This is not a small issue.  We have already seen that discovering “leaks” of personal health information has produced some very handsome rewards for the feds, so it is not beyond reason to think that HIPAA might also be a funding tool for our government health care administration disguised as a beneficent effort to protect the health care data of our populace.

But even more concerning is the role the IRS scandal has for America’s health care system.  After all, the Affordable Care Act is ultimately funded by the IRS by administering some 47 tax provisions.  These include the right to levy a penalty against businesses and individuals who don’t provide or acquire insurance and determining how to distribute annual subsidies to 18 million people who make less than $45,000 a year and thus qualify for subsidies in buying health coverage. In addition, the agency will collect taxes on medical devices and a surtax on people making more than $200,000 a year, as well as conducting compliance audits of tax-exempt hospitals.

We are left to wonder: given the IRS’s recent actions in favor of one political party, could other aspects of our evolving health care system be similarly politically targeted?  What if the government agencies turn a disapproving eye on physician-run hospitals or independent concierge medical practices?  What if the market place emergence of a two-tier health care system is systematically crushed?  For these types of concerns we instinctually rely on a fair, beneficent government, but these latest revelations challenge that assumption.

To the political class, the ends always justifies the means.  Now, we’re seeing that the means includes stealth digital tracking, e-mail browsing, and wiretaps.

Health care data protection by HIPAA?


We should think about the far-reaching implications of what we’re seeing from our government agencies as we turn the reins of health care financing over to them lock, stock, and barrel.  Perhaps Peggy Noonan said it best:

What does it mean when half the country—literally half the country—understands that the revenue-gathering arm of its federal government is politically corrupt, sees them as targets, and will shoot at them if they try to raise their heads? That is the kind of thing that can kill a country, letting half its citizens believe that they no longer have full political rights.

Those who think this is just business as usual are ahistorical, and those who think nothing can be done, or nothing serious should be done, are suffering from Cynicism Poisoning.

In the blink of an eye, HIPAA privacy protections now seem small.

Very, very small.

Wes Fisher is a cardiologist who blogs at Dr. Wes.

Comments are moderated before they are published. Please read the comment policy.

  • doc99

    HIPAA is only for the little people.

  • heartdoc345

    HIPPAA is nothing more than security theatre. It makes people think they have privacy, meanwhile placing onerous restrictions on clinicians who actually need access to updated, accurate information.

  • pmanner

    You misunderstand.
    It’s absolutely vital that everyone connected wih patient care adhere to HIPAA to the letter. And anyone who doesn’t is a bad person and should go to jail.
    But if the government violates HIPAA, it’s for a very good reason (national security/controlling costs/making a politician look good/making an enemy of the stae look bad) and there should be no consequences whatever.
    Hope this helps.

  • Suzi Q 38

    I anything truly private?
    If you think so, you are a fool.
    I like this electronic medical record system.
    If someone accesses your file, there is a date and time stamp.
    If you are checking up on me, someone else knows you were checking up on me.
    Since I am not famous, no one cares.

  • kjindal

    the main thing hipaa protects is the sanctioned laziness of the armies of medical secretaries in hospitals, doctors’ offices, radiology centers, etc. (“no doctor, I can’t fax those results to your office because of HIPAA laws – you as a doctor should know that!”).

  • Kaya5255

    HIPAA is useless.
    Any noisy health care worker can access your records. It is impossible to monitor who and when access is granted.
    NYS State has implemented a program called HEALTHeLINK. This progrm gives unlimited access to all health consumer records by just about every and any one.
    I will not participate and have signed declination documents to that effect. I will do everything in my power to keep my private health information PRIVATE!!!