Is HIPAA Creating More Problems Than It's Preventing?

Neil Chesanow

Disclosures

September 16, 2013

In This Article

Is "Don't Say Anything" Entrenched by Now?

But will belated educational efforts be enough to restore the free flow of doctor/patient/family communication after 10 years of living with onerous organizational restrictions that go far beyond anything envisioned by HIPAA?

Or has "Don't say anything to anyone" become a meme so thoroughly infused in the culture of healthcare that advising doctors and entire organizations to lighten up at this point is apt to have little effect?

The problem is that the HIPAA Privacy Rule sets minimum national standards for protecting patient information. But there is nothing to stop a healthcare organization, or a state government, from using HIPAA standards as a basis for enacting even stricter standards of its own, even if they choke off doctor-patient communication. Changing the culture of an entire industry, even in the interest of basic good medicine, is a massive undertaking that organizations are typically slow to adopt. What would justify investment on this large a scale?

One answer may lie in congressional action. In response to Congressman Murphy's letter to HHS Secretary Kathleen Sebelius on the concerns of some states about reporting potentially violent patients who are mentally ill to the FBI's NICS database, OCR Director Rodriguez said in his congressional testimony that "we are considering creating an express permission in the HIPAA rules to permit certain covered entities to report the relevant information to the NICS."

So change is possible, at least at the federal level. But what about in the healthcare industry at large?

Murphy is skeptical that reeducation efforts alone will do the job. "If you ask a physician, 'I got a memo from HHS telling me to do this, but the hospital president and attorneys told me I'd better not,' who would you listen to?" he asks rhetorically. "This is where it may require Congress to at least pass legislation that affirmatively states those rules in clearer detail, so that it has the force of law and not just the force of a memo."

Such legislation is currently being drafted in the House. "We're sitting down in a bipartisan way," Murphy says. "It must be done in a very careful manner. How do we define this in a way that maintains privacy, but at least defines the exceptions under which the healthcare provider could disclose information and have the protection of the law on their side if they do that in good, informed faith?"

It's an question with important ramifications for everyone affected by HIPAA.

Comments

3090D553-9492-4563-8681-AD288FA52ACE
Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.
Post as:

processing....