Thursday, May 30, 2013
Are Health Care Providers Deliberately Misunderstanding HIPAA--And if So What You Can Do About it?
Ever since HIPAA was implemented in 2002, it has been used by health care providers to make life more difficult for patients by preventing their family members from being with them in care areas and by refusing to share information with those the patient wants to be kept informed. This has caught the interest of the U.S. House Energy and Commerce Sub-Committee has been holding hearings into various consumer issues regarding HIPAA. I think this review is long overdue--and that HHS is well aware of how providers are misusing HIPAA. The problems are so prevalent that the HHS website actually has a myth-buster section.
So what can a family do? A good step is to be skeptical when told that something is being done "because of the law." As I have explained again and again to health care providers and lawyers, “If you think something that a) the patient or his family wants or b) is in the best interests of his care is prohibited by HIPAA, you don’t understand HIPAA.” Ask for clarification from the hospital's lawyer--will you get that person on first call? Maybe not, but be persistent.
Inform yourself on the HHS website. There is also a very useful FAQ section that addresses questions like, “is it illegal for a family member to pick up a prescription for a patient” (no) and It starts with an over-all statement of principle: “The Privacy Rule provides federal protections for personal health information held by covered entities, and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.”
Moreover, there is no provision in HIPAA that requires or allows a health provider to step in as “guardian of privacy” for a patient who is not conscious or competent. When there is an identifiable surrogate decision maker, that person can make any decision about disclosure that the patient could have made himself. And, no, there need not be any written document expressly allowing sharing of information with the surrogate. Moreover, if a person has legal authority to make medical decisions, then he is entitled to review the medical records so that the decision can be an informed one.
At this point, more than ten years later, it’s reasonable to wonder if some of these “misunderstandings” are fostered by the fact that they make things easier for the providers in that it limits time consuming questions—like, “why isn’t my mother receiving pain medication?” or “what are our options for Mom’s care?” Certainly the posts in this nursing blog suggests that’s the case. Here’s my favorite from Ortho-RN, “We usually don't allow family in the recovery room... I don't feel it's a place where family belongs.. No privacy, totally in HIPPA violations. Families like to be nosey and watch other things, and things do not always go smoothley...” (sic) Here’s another insight into how providers see their obligations
A brief foray into common sense should demonstrate the absurdity of these restrictive interpretations. The premise should be that outside a few narrow health & safety exceptions, no one other than the patient is in a better position to decide who can and cannot have information about the medical care being provided. And keeping family members away because of the risk they will see "other patients" is an absurdity. None of us have the right to receive health care in complete seclusion. Maybe high profile patients can pay for private wings—but all of us are stuck with the reality that in going to receive health care we may well be seen by other people, including those who know us. Finally, health care providers themselves are not entitled to protection from the observations and questions of family and friends about the care of their loved ones. Could there be times during an emergency when the team can't stop and talk. Sure. But if these would be reasonable requests for information from the patient, then they are reasonable from the people the patient trusts most to protect his interests.
https://lawprofessors.typepad.com/healthlawprof_blog/2013/05/are-health-care-providers-deliberately-misunderstanding-hipaa-and-if-so-what-you-can-do-about-it.html