by Brian L. Grant MD
That HIPAA is misunderstood is an understatement. As this article in The New York Times describes, HIPAA is used as an excuse for absurd interpretations and ultimately a denial of rights to communicate by non-covered entities, a refusal to receive information from family members, churches who erroneously believe they can no longer share the fact that a congregant may be ailing, and other forms of nonsense.
If I had a quarter for every person who made declarative but incorrect statements about HIPAA, it would buy a lot of coffee, and some pastries to boot!
The goal of HIPAA is to maintain the privacy of medical information. But many questions remain. For example, why is unencrypted email apparently unacceptable but a fax is OK, though many senders or recipients of faxes send the faxed documents as Internet attachments? Is an email less secure than the US mail, which could result in a piece of paper lying on a desk in plain sight of the wrong people? I imagine that if the NSA or North Korea has an interest in the files of a medical practice, they may view them with minor effort. But does encrypting email actually solve a problem of files being compromised? The reality is that unencrypted email use is not prohibited. What is prohibited is accessing and reading such information by an individual or more who are not authorized. That raises the theoretical concern that people with time on their hands at Yahoo or Google are opening and viewing emails containing PHI (protected health information).
Protecting medical privacy is important and HIPAA is well-intended and to the degree it compels the profession to establish guidelines, training and evaluating of who and how one shares medical information, it is a good thing. But we have a ways to go to achieve clarity, reduce barriers to good care, and maintain compassion along with common sense.
The whole issue of HIPAA has become corrupted beyond original intent. The proposals were initiated during the Clinton years as a way to prevent dissemination of confidential and potentially embarrassing personal health information. The stimulus was in fact HIV patients but realistically included psychiatric diagnoses and criminal or drug related illness. It was also ONLY to cover internet/electronic information. Enter the attorneys: producing monumental expansion of what is to be covered so that in fact any health information needs patient approval to be released. Is it embarrassing or potentially harmful that someone finds out you need eyeglasses, or have a common cold or had a heart attack? The stand off lines a pharmacies border on the ridiculous. You are picking up your insulin and need the privacy that a 5 foot space affords? As practiced now, HIPAA poses a barrier to effective medical care with the reluctance of medical personnel to pass on information which may be needed by another practitioner to provide effective care. Note also that HIPAA does not apply to insurance companies and governments who can pass along whatever information they have to whoever is in their food chain without clearance from the patient.