These days, when it seems we can’t open the news without finding out about another data breach (cue Meta and dozens of data breaches), it’s a relief to know that personal medical data is fiercely guarded by law.
The Right to Privacy
Facebook data is one thing, but if someone has undergone a hernia procedure, had prostate issues, or even psychiatric consultations, they would not want that information accessible to just anyone. This is an indisputable entitlement to protect human dignity.
However, from a medical business point of view, HIPAA can be challenging. Staff working in medical offices and hospitals are constantly tiptoeing around HIPAA stringencies and there’s a slew of minutiae connected to the law that are easy to inadvertently violate.
Ironically, HIPAA — a law that was technically designed in the best interest of patients — might actually be making caring for patients more difficult and cumbersome than necessary.
Dr. CliffsNotes: A Brief History of the Establishment of HIPAA
So how did we get here? Today, HIPAA is the poster child for privacy, but when President Bill Clinton signed it into law in 1996, it had little to do with privacy. It was designed to modernize health information flow electronically and limit how health plans could use pre-existing condition exclusions.
It was only in the year 2000 that the Privacy Rule, which set standards for —what became the now commonly used term “protected health information” (PHI) — was added.
Not until 2003 did the Security Rule establish nationwide standards for protecting electronic PHI’s confidentiality, integrity, and availability. Fast forward to 2009 when the notorious Breach Notification Rule came into effect, and finally the Omnibus Final Rule that became effective on March 26, 2013. These last two rules have had a drastic impact on the way medical practices and healthcare facilities operate.
Why Is HIPAA Necessary?
With the advent of the internet, and particularly social media, data sharing has proliferated into everyday life. Along with this comes the increased potential for people’s private health information to be shared.
As of January 2017, there had been around 35 cases of healthcare employees sharing information/photos of patients in embarrassing situations on Snapchat, which is pretty gruesome. Given the medical staff’s ability to access this information, there must be a set of laws and guidelines to prevent hospital employees from abusing their positions and their patients.
More than this, hackers’ ability to infiltrate data systems is a serious threat. As technology gets more sophisticated, so do hackers — as is evident by the countless data breaches in the past few years. So, while it’s true that stringencies with HIPAA are only increasing, it’s simply in an effort to fend off these types of infringements.
Has HIPAA Gone Too Far?
On the flip side, with HIPAA laws becoming more and more stringent, it is very difficult to access and share important patient information — even in a hospital setting. Yes, even in a hospital, (depending on the medical record system used), sometimes only limited patient information can be shared, and when it is shared, it’s often not completely updated – and this can lead to lapses in patient care.
For example, if care workers (nurses, PAs) don’t have access to the patient’s full medical record – including drug information or allergies — they might lack some crucial information necessary to tend to patients effectively. This could lead to wrong or inappropriate medications being administered, re-ordering of tests that may have been performed already, or making treatment decisions without a full picture of the patient’s history.
The HIPAA In the Room?
On a day-to-day basis, hospital staff are just trying to do their job and are often hindered by not having access to the information they need. But truth be told, HIPAA is not the only reason.
According to a report in Reuters, as of 2015, fewer than a third of U.S. hospitals can find, send, or receive electronic medical records for patients who received care in another institution. So, it seems this issue is not exclusively due to HIPAA, but also the lack of interoperability between systems in healthcare across the US.
“What this means is there is potentially a significant amount of waste and inefficiency in hospitals,” said lead study author Jay Holmgren of Harvard Business School in Boston. Efficiency is certainly one issue, but the even larger issue is that staff may be unable to provide first-rate care due to a lack of information they need.
The fact that in 2018, medical records are not always available in a hospital setting and patients or their families have to tote paper copies of their records (which they have to pay for) from doctor to doctor and hope that nothing gets lost on the way, is almost a joke.
Surely, this is something that should be standard in a country where billions of dollars are spent on healthcare annually.
Dying for Privacy? Striking A Balance.
When the right to privacy can outweigh the ability to provide excellent patient care or even the right to common sense, the question of how HIPAA laws are established needs to be raised. Everyone involved in caring for a patient should be able to access all the information they need to ensure their care is exemplary.
As technology gains traction in healthcare, balancing compromised healthcare and the right to privacy is no easy feat. With our lives being increasingly lived in the open, perhaps it’s time to rethink just what levels of privacy we want and need to make sure the laws help rather than hinder treatment.
