In the name of patient privacy, a security guard at a hospital in Springfield, Missouri, threatened a mother with jail for trying to take a photograph of her own son. In the name of patient privacy, a Daytona Beach, Florida, nursing home said it couldn’t cooperate with police investigating allegations of a possible rape against one of its residents. In the name of patient privacy, the U.S. Department of Veterans Affairs allegedly threatened or retaliated against employees who were trying to blow the whistle on agency wrongdoing.
When the federal Health Insurance Portability and Accountability Act (HIPAA) passed in 1996, its commendable provisions included preventing patients’ medical information from being shared without their consent and other crucial privacy assurances. But as the litany of recent examples shows, HIPAA is open to misinterpretation, and sometimes hospitals use the law to protect their interests instead of patients’.
A Common Misconception
“Sometimes it’s really hard to tell whether people are just genuinely confused or misinformed, or whether they’re intentionally obfuscating,” said Deven McGraw, partner in the healthcare practice of Manatt, Phelps & Phillips, and former director of the Health Privacy Project at the Center for Democracy & Technology.
A frequent health privacy complaint to the U.S. Department of Health and Human Services Office of Civil Rights is that health providers have denied patients access to their own medical records, citing HIPAA. In fact, this is one of the law’s signature guarantees.
HIPAA Invoked Incorrectly
HIPAA can be incorrectly invoked due to the lack of knowledge of the rules, leading to situations where an institution takes unnecessary measures. Understanding the specific provisions of HIPAA is crucial, as there should be a balance between patient privacy and maintaining the best interest of patients.
In 2005, when investigating a train derailment in Glendale, California, for the Los Angeles Times, some hospitals were uncooperative, citing federal patient privacy laws, while others offered to contact patients and ask if they were willing to talk to a reporter. It was clear that the hospitals that cited HIPAA simply didn’t want to ask patients for permission.
HIPAA Violations and the Consequences
Hospitals that cited HIPAA when refusing access to records or impeding police investigations are misunderstanding the allowances under the rules. HIPAA rules actually allow police officers investigating crimes and whistleblowers sharing information with government authorities access to medical information. However, many departments and hospitals impose restrictions blocking access, citing the rules and fearing repercussions.
It’s vital that healthcare providers understand HIPAA provisions to prevent any misunderstanding that could lead to serious implications. Mistakenly using HIPAA as a reason to block access could damage the trust between patients and healthcare providers, making it necessary to ensure knowledge and transparency in the rules governing patient privacy.
In conclusion, while the HIPAA rules were set in place to protect patients and their medical information, misinterpretation of these rules occasionally works against the best interests of the patients. To guarantee patient privacy without compromising their well-being, it is essential for healthcare institutions and professionals to be well-versed in the specifics of HIPAA provisions.
