Posted by: DrJosephKim
HIPAA, Privacy and security
So we recently heard that HHS revised HIPAA (which originated in 1996). Some of us can’t even remember what kind of computer or mobile technology existed in 1996. I remember using my grayscale MacBook along with my analog Motorola StarTac cell phone (we used to call them “cell phones” back then). Of course, I also had my trusty Apple Newton Messagepad (which was killed by Steve Jobs when he returned to Apple). Alas, I digress quickly when you get me started on gadgets.
So, the new HIPAA Privacy and Security Rules have been called “sweeping changes” and I agree. We’re seeing changes to reflect technology, clinical workflow, consumer behavior, and patient expectations in 2013. However, I remain concerned that some of these changes may backfire and ultimately hurt the patient. Here’s what I mean:
HHS has indicated (in a news release) that “When individuals pay by cash they can instruct their provider not to share information about their treatment with their health plan.” This sounds good, doesn’t it? Well, it may if you’re a patient and you don’t want to see your insurance premiums go up. However, doctors (and certainly health plans) probably don’t like how this sounds because it could lead to patient harm. Let me give you an example.
Let’s say that a fictitious patient named Jane Doe (not the unconscious unidentified patient in the Emergency Room, but a different Jane Doe) tries to “hide” her diagnosis of HIV by paying cash anytime she gets treated for her HIV. In trying to “hide” this fact from health plans, she may also “hide” this fact from her primary care doctor and her endocrinologist who is managing her diabetes. After all, she doesn’t want any of her main doctors to document that she has HIV. She’s receiving HIV care from a city clinic and she’s paying cash. They’re not sending her medical records to the health plans, and she specifically instructs the city clinic not to send her records to any of her other doctors.
This is a potential example that can occur in the real world and that could ultimately harm our patient Jane Doe because both her primary care provider and her endocrinologist may end up mismanaging her health since they don’t know that she has HIV. In fact, they may prescribe treatments for her that end up being harmful to her because they don’t have a complete picture of their patient.
In reality, most patients will disclose everything about their health to their doctors because they want an accurate diagnosis and treatment plan. However, there are some patients who will hide information because they don’t want to be judged. Others may lie to their doctors because they don’t want their doctor to be angry at them. After all, they want their doctors to think that they’re doing what they’re supposed to. Patients don’t want to be viewed as “non-compliant” or lousy patients.
So, although the revised HIPAA Privacy and Security Rules offer significant benefits for patients and the entire health care community, giving patients too much control over their health information can be disastrous to their own health.
I admit that I have not read the entire 563-page document, so maybe I’m missing something here. Maybe there’s a special provision that excludes certain conditions or diagnoses (I doubt it). Maybe there’s a line in there that mentions that patients needs to sign a waiver indicating that by withholding valuable health information from their providers and payors, they may put their own health at risk (I doubt that too). Maybe the principles of utilitarian ethics in healthcare justify these types of patient decisions to withhold information. I’m just not entirely sure.
At any rate, I respect that patients need privacy, even from their own doctors and health plans. However, providers and payors are trying to do what they can to help and treat patients. Shouldn’t they have access to all relevant information? I realize that providers and payors can’t always be lumped into the same category, but that’s what some integrated delivery systems have done and they seem to be providing efficient, high-quality care.