HIPAA's Privacy Regulations: Increased Privacy Comes at a Cost

Deeb Salem, MD


September 24, 2003

In This Article

Negative Impact on Patient Care

Besides their complexity and adverse financial impact on healthcare providers, the new HIPAA regulations may have had a paradoxically adverse effect on patient care. If misunderstood or overzealously interpreted, HIPAA regulations could actually impede the very communication that is essential to ensure patient safety.

In July 2003, we reported on patient events that took place at our medical center that were directly related to a misinterpretation of HIPAA regulations.[4] In one of these events, the care team for a patient who had undergone cardiac transplantation was notified that the organ donor had blood cultures that had revealed a bacteremia. In order to treat the recipient, our hospital's infectious disease consultant contacted the hospital that had cared for the organ donor (now deceased) to determine what bacterial organism had infected the donor. We were informed that providing such information violated HIPAA regulations -- a clear misinterpretation of the regulations.

It is important to establish that our experience reflects not a conflict with the HIPAA regulations themselves, but in their interpretation. Nonetheless, the potential for patient harm is real. Because of our interest in such hidden "costs" of HIPAA, we have received multiple correspondences about the "hassles" created by misunderstandings of the privacy rule.

One physician told us, "We've had the same problem in's next to impossible to get test results faxed to us .... from outside labs or hospitals. Consultants are reluctant to send notes, and what little communication there was between specialists care for the same patient, is even worse!"

A physician from Brooklyn, New York, wrote: "It has been virtually impracticable to obtain faxed information for patients arriving at my institution's ER from other community hospitals. I am amazed that it was not possible to open the public's eye to the unimaginable high cost in terms of delayed care and expenditure."

An article in the Washington Post August 18, 2003, "Patient Privacy Rules Bring Wide Confusion: New Directives Often Misunderstood" describes "frequent misunderstandings" of the rules, resulting in "frustration, uncertainty and anxiety in doctors' offices, clinics, hospitals and even pharmacies across the country." For example, an emergency room physician in Phoenix said, "It's more than just health care providers being unable to get the information they need to care for's patients not being able to get information, family members not being able to get information. It's across the board."

Even proponents of the rules acknowledge that "misinterpretations are rampant," although they downplay the long-term impact of the confusion. Richard M. Campanelli, Director of the Office of Civil Rights at HHS, said that the Bush administration "wanted to make sure that the correct balance was hit...that the rule would protect privacy information but not interfere with access to health care." However, critics say that concerns about how the rules would be interpreted by the courts have led many institutions and healthcare providers to err on the side of caution, which may result in delays in the flow of vital information.


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.