Backlash Against Overzealous Application of Patient Data Law
by Laurence Wooster | July 04, 2007
Can data be too secure?
(click to enlarge)
(click to enlarge)
The Health Insurance Portability and Accountability Act, or HIPAA, is causing frustration for people seeking medical information about family members, the New York Times reports. Many healthcare providers do not understand the law, and are overzealous in keeping details confidential, even when the persons requesting details are related to the patient.
HIPAA, as it is less-than-affectionately known, was supposed to make it easier for Americans to change jobs and keep their health insurance while improving the security of patient data. Yet the letter of the law, passed in 1996, is somewhat ambiguous. While HIPAA mandates two disclosures of data, one to the patient and one to the Department of Health and Human Services (DHHS), other disclosures are optional. A patient may object to a particular disclosure, but other than that, the discretion belongs to the provider.
This discretion has driven relatives of patients to great lengths, often times literally; the futility of telephone conversations has lead family members to hang up the phone, pick up their keys, and drive to the hospital. It has also caused healthcare providers to behave strangely, in what they think is the name of the law. According to the New York Times, fear of revealing patient information has led providers to cancel birthday parties, to refer to patients by code names, and to refuse to notify the parents of sick students. Overcautious providers have also slowed the growth of immunization registries, an important tool in fighting the spread of diseases. This is despite the fact that in the past four years, DHHS has issued no penalties for wrongfully releasing patient information.
One of the bill's original sponsors, Senator Edward M. Kennedy (D-Mass.), is taking action. Along with Senator Patrick M. Leahy (D-Ver.), Kennedy plans to propose a bill that would create a DHHS office specifically dedicated to interpreting and enforcing medical privacy laws. This comes four years after the last effort at fixing the apparently malfunctioning system, a 100-plus page knot of regulations promising "administrative simplification." At the time, Kennedy referred to the document as a "bizarre hodgepodge."
HIPAA, as it is less-than-affectionately known, was supposed to make it easier for Americans to change jobs and keep their health insurance while improving the security of patient data. Yet the letter of the law, passed in 1996, is somewhat ambiguous. While HIPAA mandates two disclosures of data, one to the patient and one to the Department of Health and Human Services (DHHS), other disclosures are optional. A patient may object to a particular disclosure, but other than that, the discretion belongs to the provider.
This discretion has driven relatives of patients to great lengths, often times literally; the futility of telephone conversations has lead family members to hang up the phone, pick up their keys, and drive to the hospital. It has also caused healthcare providers to behave strangely, in what they think is the name of the law. According to the New York Times, fear of revealing patient information has led providers to cancel birthday parties, to refer to patients by code names, and to refuse to notify the parents of sick students. Overcautious providers have also slowed the growth of immunization registries, an important tool in fighting the spread of diseases. This is despite the fact that in the past four years, DHHS has issued no penalties for wrongfully releasing patient information.
One of the bill's original sponsors, Senator Edward M. Kennedy (D-Mass.), is taking action. Along with Senator Patrick M. Leahy (D-Ver.), Kennedy plans to propose a bill that would create a DHHS office specifically dedicated to interpreting and enforcing medical privacy laws. This comes four years after the last effort at fixing the apparently malfunctioning system, a 100-plus page knot of regulations promising "administrative simplification." At the time, Kennedy referred to the document as a "bizarre hodgepodge."
