If you work in healthcare, the initials HIPAA make you gag. If you are not in healthcare, you are probably unaware of this 2000-pound hippopotamus that you are supporting.
HIPAA stands for Health Insurance Portability and Accountability Act (of 1998). In the early 1990s, there was extensive corporate downsizing, reductions in force (RIF) were common events, and people lost their insurance along with their jobs. The initiating stimulus for this legislation was to make insurance portable, hence the "P" in HIPAA: you could take your insurance with you when you left your job. Gradually, the transfer of medical information became the focus. In this time of the Patriot Act, confidentiality and security were (and remain) king. Eventually, the original problem of loss of medical insurance was completely "lost" and forgotten.
HIPAA now sets forth guidelines about protection of personal medical data. It hints at dire consequences if medical confidentiality is broached. HIPAA produces defensive behaviors by both individuals and institutions to avoid governmental wrath. Examples include the following.
• Shields in your dentist's office prevent you from seeing the computer screen.
• Hospitals charts have no names on outside.
• Each year, millions of useless hours are spent doing HIPAA Compliance Training.
• I am prohibited from emailing medical information to a colleague, any colleague.
• It is impossible to be in compliance both with HIPAA and the Patriot Act.
In a contest between sharing medical information, and (supposed) protection of medical confidentiality, the latter has won hands down. Every hospital lawyer and a host of regulations make it difficult-to-impossible to do something that should be free, easy and encouraged: communication between medical caregivers.
What about the cost? The direct financial cost is in the hundreds of millions of dollars each year. No one has a clue about the indirect costs, such as errors because of confused or incomplete communication; inability to learn because information is sequestered; and lawsuits either for releasing protected information or for NOT releasing needed information. Guess who pays for HIPAA the hippo. You do. What do you get for all the money, mistakes, hassle and frustration?
We all know how hard it is to reverse a decision that has already been implemented. This is particularly true of Congressional Acts, which seem to be unkillable. Nonetheless, if there ever was law that needs to go away, that has proven to have a huge cost - in money and system disruption - for virtually no gain to anyone, it is the Health Insurance Portability and Accountability Act. Shoot HIPAA the hippo.
Follow Deane Waldman on Twitter: www.twitter.com/systemmd
Of course, we all want our medical records to be confidential. But Hippa is mostly a lot of worthless red tape. Your privacy is no more secure; as with most red tape, those that deal with it know how to get around it, if they want to.
Aside from many hours of time-consuming, useless paper-work, it is also often a barrier to actually providing good medical care.
As a medical receptionist FAXing things every day, you experienced the contradiction of HIPAA that says you must read medical information without your name on the consent form, and the Patriot Act that requires you to read everything you FAX. Talk about a conundrum!
Another story was when young man came in, visibly distraught and sick, wanted to see a doctor, claimed to be 18 years old, had falsified his ID; he was actually 16. I almost got fired when it was discovered that he was under 18, and hadn't had parental consent. He needed to be seen for infected anal lesions, which were likely caused by rape or sex traded for drugs, as he had been using a variety of illegal substances, including crack, but we (at the clinic) didn't find that out until a week later, when he committed suicide, and his Mother called to say that she appreciated that we had been so nice to him, her only child.