Is HIPAA Creating More Problems Than It's Preventing?

Neil Chesanow


September 16, 2013

In This Article

HIPAA Under Attack: Keep It, Change It, or What?

The Health Insurance Portability and Accountability Act (HIPAA) has been around since 1996, and the Privacy Rule, which many doctors equate with HIPAA, was introduced in 2003. Many observers say that the legislation has brought welcome and needed regulations, but others say that it's been burdensome and restrictive, and creates worsening problems.

Although experts contend that many of the most disliked aspects of HIPAA are not actually the intent of the law and have merely been overinterpreted by zealous lawyers and paranoid hospital risk managers, other aspects of HIPAA create significant problems.

The knocks against HIPAA include:

"Don't tell anyone anything." Probably the most misunderstood issue regarding HIPAA, this has resulted in unnecessarily restrictive requirements for not conveying information to people who need and deserve it;

Genuine problems with the law for mental health patients and caretakers. The potential inability to share information can be life-threatening;

Clinical trials: HIPAA creates huge obstructions for biomedical researchers, who need access to large numbers of patient records to assess the efficacy and safety of new drugs and other research priorities;

The HIPAA Omnibus rule, with which physicians must comply by September 23, significantly lowers the bar for breach of patient confidentiality, particularly with electronic health records (EHRs) and transmission of data. Now, patients do not have to prove "harm" for a breach to have occurred; the mere unauthorized viewing of patient records, which physicians are obliged to report to federal authorities if it involves 500 or more patients, constitutes a breach;

It has been claimed that HIPAA stifles innovation, particularly in the burgeoning field of mobile health, where designers of portable devices and apps that collect and wirelessly transmit patient data are having trouble meeting HIPAA's privacy and security requirements.

Given all these issues, what should be done with HIPAA? What's right about it?

Making Life More Difficult?

Matt T. Rosenberg, MD, a family physician at Mid-Michigan Health Centers in Jackson, Michigan, is one of many doctors chagrined about what he feels are the burdensome privacy restrictions of HIPAA, which often interfere with important doctor-patient communication.

"We used to send reports to patients by mail," Rosenberg says. "Unfortunately, since we cannot guarantee who will open them, we cannot do this anymore. This is a problem for some of our older patients who do not use email and depend on their regular mail. We call them now, but that does add a layer of complexity."

Matthew L. Mintz, MD, Associate Professor of Medicine at George Washington University School of Medicine in Washington, DC, also believes that the Privacy Rule makes life more difficult for him and his patients. "While I understand that email is not secure," he says, "it is unclear to me that the level of security required by HIPAA for online communication is necessary. It serves as a barrier to this type of communication that patients so clearly desire."

Paul G. Auwaerter, MD, Professor of Medicine and Clinical Director of the Division of Infectious Diseases at Johns Hopkins School of Medicine in Baltimore, Maryland, has concerns about the Privacy Rule as well. "HIPAA does give me pause at times when family members inquire about a patient, but I have to get paperwork, even though I know the patient has no problems with the request," he says.

Regarding everyday work processes, "HIPAA is definitely is a factor," Auwaerter is convinced. "However, I cannot see a way out without a formal declaration to safeguard. I will say that the threat of substantial fines looms, although I do not have good examples of individuals who have been affected."


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.