electronic protected health information

Don’t Overthink HIPAA Privacy Rules

Ever since HIPAA Privacy Rules became finalized law in 2003, many healthcare practices have been anxious and fearful of penalties should they interpret the law incorrectly and be out of compliance. Non-compliance fines can be hefty, so it is understandable why many providers practice with apprehension.

HIPAA rules have brought a needed awareness for patient privacy, but at the same time much of the law is hazy with areas often needing legal interpretation.  According to Ronald B. Sterling, MBA, a health technology consultant, “A lot of people overthink HIPAA and take it to extremes.” (1)  When the law is unclear and healthcare professionals are worried about self-protection, staff members tend to go overboard when interpreting the rules.  And the office philosophy becomes if we want to be safe and stay compliant, we can’t tell anyone anything!  Hospitals also have this mindset created by overzealous risk managers and lawyers. The doctors with privileges at these institutions take this viewpoint back to their practice as the safe hospital-endorsed thing to do.

Interpretation errors, even when on side of caution, aren’t necessarily good for the patients and can actually infringe upon their rights.  And, the “don’t tell anyone anything” concept is keeping information from people who need and deserve to be informed.

Medcape reported that at a congressional subcommittee hearing on HIPAA last April, Carol Levine from the United Hospital Fund testified that when she took her sister to the emergency room with severe abdominal pain, even though her sister asked her to stay with her in the room, a triage nurse said, “You can’t come with her.  It’s a HIPAA rule.”  When her sister replied, “But I want her with me,” the nurse responded, “no way.” (1) Congressman Tim Murphy also testified at that hearing and spoke of provider anxiety by saying, “Fearful of new penalties for violating HIPAA, doctors and nurses were refusing to even talk about a patient’s illness with caretakers, all of whom were [professional] caretakers, spouses, siblings, or those managing the affairs of their elderly parent.” (1)

These are examples of how incorrect versions of this law can actually work against the people it was designed to protect, the patients.  Withholding information does not protect anyone and is a violation of the patient’s rights.  There are numerous resources available to help healthcare professionals understand this law.  While some questions can be answered quickly by accessing the U.S. Department of Health and Human Service’s website, the best protection comes from thorough HIPAA training. (2)

1. www.medscape.com/viewarticle/810648 (requires registration)
2. www.hhs.gov/ocr/privacy/hipaa/