While medical conditions are just that, medical conditions, they often come with a negative, unwarranted and demoralizing social stigma. Diagnoses and medical conditions such as HIV, AIDS, drug and alcohol addiction, STIs, mental illness and abortion make many people vulnerable to discrimination in employment, insurance, and financial and social services.
This is why there is a compelling need for the strictest of confidentiality of medical information. However, legal guidelines governing this issue with regard to health care providers can be precarious, abstract and insufficient. Vague policies have too often left individuals in undeserved and further traumatizing circumstances.
One such incident involves "Alex" (a pseudonym), whose experience with the University of California at San Diego I blogged about recently.
In disease-specific clinical settings, like an HIV clinic, for example, a clinic that only provides care and treatment for one type of medical condition, is it reasonable to assume that a patient in this setting may suffer from HIV and AIDS?
In order to gain a better understanding of the Health Insurance Portability and Accountability Act (HIPAA), its efficacy and how well it is practiced, I decided to take a deeper look into the policies and procedures of some of the nation's most prestigious medical institutions. I was not surprised to discover that they were much more sensitive to their patients' need for privacy than the Owens Clinic at the University of California at San Diego.
For example, at Johns Hopkins' Moore HIV Medical Clinic, patients are called to the treatment area by last name only. Yet in Alex's experience with Owens Clinic , his full name was used in the waiting room, despite his request that only his first name be used, to protect his privacy. This resulted in a situation where a person present in the waiting room of the clinic located Alex's Facebook profile and propositioned him. When Alex rejected him, he threatened to disclose Alex's HIV status to Alex's family and social circle.
The University of California regents, however, have refrained from apology or acknowledgment of any contributing responsibility for Alex's experience and multiple similar complaints by other patients, and suggested that Alex delete his Facebook profile.
At the Avel Gordly Center for Healing at Oregon Health and Sciences University (OHSU), which treats alcoholism, drug addictions and other dependencies, there is a specific protocol to protect patient identities. In an interview, Clinical Director Danette C. Haynes, LCSW, described the policy for patient waiting areas:
When retrieving clients from the waiting area, we usually just step in and wait for the client to see us, or we just call them quietly by their first name. We are also careful not to ask how they are doing while in public areas, as they may begin to share sensitive information rather than a routine greeting.
Given some of the federal HIPAA guidelines on incidental disclosures, it appears that OHSU tends to go above and beyond what is currently considered good practice in keeping patients' medical information confidential.
In Los Angeles the Sidelle Medical Center, operated by the AIDS Assistance Foundation (AAF), is perhaps the nation's newest HIV and AIDS medical clinic. The free clinic offers HIV primary medicine along with yoga, reiki, dental care, chiropractic medicine, and acupuncture. In an interview with Dr. Joseph Cadden, a member of the AAF board, I asked him to describe the clinic's policy of calling patients from the waiting room to the patient treatment area. He explained:
Besides the fact that the staff knows almost every patient that walks through the door, they only call patients by their first name. If by some chance there are two patients with the same first name in the waiting room, the staff will mention the appointment time with the first name to try and differentiate the two patients. If all else fails, the staff will take the patient back into an exam room and verify information such as birth date to make sure it is the correct patient.
I asked Dr. Cadden an additional question: If you were called upon by law makers to offer your opinion on HIPPA regarding the matter of calling patients by their full name, what would you advise? He said:
At Sidelle Wellness our clients' privacy is of paramount importance. In the information age it takes very little to gather background and other personal details. Our clients and patients trust us with their health and well-being, and we want to honor that trust.
Further, Dr. Cadden emphasized his understanding of the importance of sensitivity for those already in delicate and vulnerable position:
An institution caring for individuals (especially those stigmatized by society for a medical disease) should do so in as caring and compassionate a manner as possible. We intend to monitor all of our practices, and when we see that improvements can be made, we intend to be professional enough to recognize it and make the necessary changes.
In an interview with Jennifer Coburn of Planned Parenthood of Southern California, an organization that, in addition to providing women's health services, also services a great many members of the LGBT community by providing rapid HIV testing and STI screening, I asked for her thoughts on protecting patient identities, the need for stricter regulations for patient waiting areas, and whether a high-risk patient population could be deterred from seeking needed medical care if they feared that their identity could be unintentionally obtained from clinic staff or procedures. This was Coburn's response:
Confidentiality and protection of privacy is one of our core values. We want people to know that when they come to our centers, they can trust us with sensitive medical information. Fear can be a deterrent from seeking care, so we are committed to ensuring every patient's privacy. We have worked hard to earn the trust of our patients and our community. One in three households in San Diego has a former or current Planned Parenthood patient, which reflects that we are a name synonymous with high-quality, confidential care.
Any time there is the perception that private medical information could be disclosed or confidentiality might be violated, there is the risk that patients will be deterred from seeking critical care. At Planned Parenthood creating access to care is important to us, which is why we pride ourselves on maintaining the gold standard for patient privacy.
So how can Alex's situation be prevented from happening again? In an interview, Rachel Seeger of the U.S. Department of Health and Human Services' HIPAA office in Washington, D.C., said:
The HIPAA Privacy Rule Minimum Necessary Requirement could be changed by an act of Congress. However, these things can also take time. Usually, incidents like these are used as a teaching moment with the medical institution or facility.
When I asked her if a state could create stricter HIPAA requirements than provided by the federal government, and whether or not a state could make it illegal to use a patent's full name in patient waiting areas, her response was, "Of course a state can make federal laws stricter."
Armed with this information, I approached several California lawmakers to ask them to consider enacting stricter guidelines for high-risk patient populations, and I asked them to respond to the statements made by Haynes, Cadden and Coburn, as well as to part 1 of this blog post.
State Sen. Marty Block (D-San Diego) said:
Our medical information should be held in the highest confidence. The stresses that accompany a health concern -- questions about one's well-being, financial or job worries, the impact on loved ones -- should not also be accompanied by fear of the negligent disclosure of health information. Apprehension about the thoughtless disclosure of a medical condition, even if unintended, could cause a patient to delay seeking treatment. That threatens the patient and even the well-being of others. To adequately reassure patients about their privacy, we must ensure thoughtful policies, adequate compliance and proper training of health care staff and personnel.
State Sen. Ricardo Lara (D-Long Beach) said:
The trust between a doctor and his patient is sacred, and private medical information should be well-guarded, regardless of that person's infirmity, and frankly because of it.
San Diego County Supervisor Dave Roberts (Third District) stated:
Ensuring patient confidentiality is now even more critical because we are in the information age. Patient information is stored on computers. Information sharing is everywhere, and mistakes can happen. Every level of government and private industry must take extra steps to provide protection. Information Technology departments should also be information-protection departments.
Roberts warned of one of the dangers of any compromise in the security of patient information:
The worst thing that can happen is that patients begin to distrust hospitals or clinics, and begin to question whether they should seek treatment because of how a leak could affect their lives.
State Sen. Ted W. Lieu (D-Torrance) said:
Patients have the right and expectation that their privacy will be protected. Any medical provider that insists on identifying patients publicly by their first and last name in a sensitive setting is engaging in a callous and harmful practice. Those practices need to stop.
California State Assemblyman Tom Ammiano (D-San Francisco) said:
I have known so many people with AIDS and HIV that I can't help but care about the stigmas and privacy challenges that come with diagnosis and treatment. Treatments for AIDS, mental health, addiction and family planning all need to include strong privacy protections as part of compassionate care. Patients have enough to worry about without thinking someone will find out who they are and invade their privacy.
California Assembly Majority Leader and former Planned Parenthood board member Toni Atkins (D-San Diego) had this to say:
Protecting patient privacy is a high priority under federal law because it is critical to ensuring that patients feel comfortable seeking the treatment they need to protect their health and enhance the quality of their lives. It only makes sense for us to continually review patient confidentiality policies so that the highest level of professionalism and the adoption of best practices can be ensured in all health care settings.
The medical community has an obligation to protect all patient information, especially those seeking medical services for an already particularly stigmatized diagnosis or condition such as HIV, mental illness or drug addiction, among others.
No patient should fear seeking medical treatment of any kind, and a civilized society must remove any perceived barriers to care.
Every patient is entitled to the safe protection of his or her personal medical information. That is why I call on state and federal lawmakers to create stricter medical information policies for high-risk patient populations.
The staff of the Owens Clinic and all medical professionals are both ethically and legally obliged to uphold this standard. The medical community should also be vigilant and willing to revise medical information polices when needed. Both lawmakers and we, the consumers of health care, should ensure that they comply to this standard.
Note: As a result of the blog post written about Alex's situation, two California senators are considering a new bill on patient privacy for the January 2014 legislative session. Special acknowledgment to Jennifer Coburn, Jim Newman, Dr. Joseph Cadden, Myrna Zambrano, Ray Sotero, Lizette Mart, Carlos Alcala, John Weil, Heath Hines and Gary J. McDonald.