Patient Privacy:Delusions and Dangers

If you like alphabet soup, take a spoonful of professional codes of conduct, decreed by our lawmakers, FERPA and HIPAA. These two confusing laws have caused enormous confusion despite their good intentions. The first, the Family Educational Rights and Privacy Act, the college confidentiality law passed in 1974 is often misinterpreted as prohibiting faculty or staff from sharing student information with one another or family members. Yet according to Peter Lake of Stetson University quoted in the New England Journal of Medicine, (NEJM 357;2:109, July12,2007) FERPA restricts only discussion of a student’s academic record, Not information about strange behavior or illness.

A recent tragic example is the mass murders at Virginia Tech. Two female students, complained to campus police that he was stalking them, an English Professor threatened to quit, and some students found him so menacing they refused to attend class with him. Yet Virginia Tech, like other colleges trying to help emotionally troubled students, thought they had little power to report Cho to the police or force him off campus and into therapy.

College counseling centers as well as experts are confused and some claim they are prevented by HIPAA, the Health Insurance Portability and Accountability Act of 2003, from sharing information about a student without his permission. What about doctors, even hospitals and ER’s, in their confusion over the complexities of the law, who fear sharing your medical information without your signed consent in a medical emergency? Did you hear the story about the patient who died in the ER because his doctor refused to give essential information about the results of a cardiac cath over the phone? How unbelievably complex it is to legislate patient privacy without allowing exceptions for treatment, billing, charting, record keeping, quality assessment, even marketing. No wonder healthcare workers, let alone patients, -even the judiciary-are confused.

The Philadelphia Inquirer reported that Judge Theodore A. McKee of the U.S. Court of Appeals scratched his head in frustration and asked the government’s lawyer to explain again who, exactly, is entitled to see a patient’s private medical records under federal law? The U.S. Department of Justice lawyer, hesitated for a second and McKee pounced: “If you’re not sure what the rights of patients are, how is Miss Williams down the street, at age 89, supposed to know.”

Both patient and privacy advocates, describe HIPAA as forcing Americans to choose between access to medical care or control of personal medical information. But when it comes to secrecy in the Internet Age allowing us access to unlimited information world wide can we even taste the solitude of the past when all we had were libraries and telephone books? Was it one of the founders of Netscape who wondered if true privacy still existed?

I’m not against HIPAA, but have one question for the legal experts: When your medical chart can be examined by anyone who arrives on your hospital floor or doctor’s office, including but not limited to doctors, nurses, dietitians, transporters, orderlies, housecleaning, and visitors, where’s the beef?

2 Responses to “Patient Privacy:Delusions and Dangers”

  1. Mike says:

    As it is know to everyone that every coin has two sides and same applies with many policies along with the HIPAA policy. No doubt that the HIPAA policy has been brought in for protection and safety of individual’s EMRs, but when the situation like you have mentioned above arises the negative side of HIPAA pops up.

  2. If one needs to have a deep understanding of HIPAA and more information on HIPAA training and also HIPAA template suite along with enterprise contingency plan template suite which any organization, small or big, can use to meet their compliance requirements of Sarbanes Oxley (SOX), FISMA, ISO 17799 or any other regulation/standards requiring business impact analysis, risk assessment, disaster recovery planning (DRP), business continuity plan (BCP) and Testing & Revision of Plan, they can discover it at training-hipaa.net website by following the links given below

    HIPAA Privacy and Security Certification Training
    http://www.training-hipaa.net/certification_training/com_privacy_security.htm
    Enterprise Contingency Plan Template Suite
    http://www.training-hipaa.net/template_suite/enterprise_contingency_plan_template_suite.htm

Leave a Reply