Health IT and Electronic Health Activate your FREE membership today |  Log-in

A Physician's Perspective: Meaningful Use of Health Technology

Jan 23 2013   4:42PM GMT

Will the revised HIPAA rule actually hurt patients? Here’s how it may.

Posted by: DrJosephKim
HIPAA, Privacy and security

So we recently heard that HHS revised HIPAA (which originated in 1996). Some of us can’t even remember what kind of computer or mobile technology existed in 1996. I remember using my grayscale MacBook along with my analog Motorola StarTac cell phone (we used to call them “cell phones” back then). Of course, I also had my trusty Apple Newton Messagepad (which was killed by Steve Jobs when he returned to Apple). Alas, I digress quickly when you get me started on gadgets.

So, the new HIPAA Privacy and Security Rules have been called “sweeping changes” and I agree. We’re seeing changes to reflect technology, clinical workflow, consumer behavior, and patient expectations in 2013. However, I remain concerned that some of these changes may backfire and ultimately hurt the patient. Here’s what I mean:

HHS has indicated (in a news release) that “When individuals pay by cash they can instruct their provider not to share information about their treatment with their health plan.” This sounds good, doesn’t it? Well, it may if you’re a patient and you don’t want to see your insurance premiums go up. However, doctors (and certainly health plans) probably don’t like how this sounds because it could lead to patient harm. Let me give you an example.

Let’s say that a fictitious patient named Jane Doe (not the unconscious unidentified patient in the Emergency Room, but a different Jane Doe) tries to “hide” her diagnosis of HIV by paying cash anytime she gets treated for her HIV. In trying to “hide” this fact from health plans, she may also “hide” this fact from her primary care doctor and her endocrinologist who is managing her diabetes. After all, she doesn’t want any of her main doctors to document that she has HIV. She’s receiving HIV care from a city clinic and she’s paying cash. They’re not sending her medical records to the health plans, and she specifically instructs the city clinic not to send her records to any of her other doctors.

This is a potential example that can occur in the real world and that could ultimately harm our patient Jane Doe because both her primary care provider and her endocrinologist may end up mismanaging her health since they don’t know that she has HIV. In fact, they may prescribe treatments for her that end up being harmful to her because they don’t have a complete picture of their patient.

In reality, most patients will disclose everything about their health to their doctors because they want an accurate diagnosis and treatment plan. However, there are some patients who will hide information because they don’t want to be judged. Others may lie to their doctors because they don’t want their doctor to be angry at them. After all, they want their doctors to think that they’re doing what they’re supposed to. Patients don’t want to be viewed as “non-compliant” or lousy patients.

So, although the revised HIPAA Privacy and Security Rules offer significant benefits for patients and the entire health care community, giving patients too much control over their health information can be disastrous to their own health.

I admit that I have not read the entire 563-page document, so maybe I’m missing something here. Maybe there’s a special provision that excludes certain conditions or diagnoses (I doubt it). Maybe there’s a line in there that mentions that patients needs to sign a waiver indicating that by withholding valuable health information from their providers and payors, they may put their own health at risk (I doubt that too). Maybe the principles of utilitarian ethics in healthcare justify these types of patient decisions to withhold information. I’m just not entirely sure.

At any rate, I respect that patients need privacy, even from their own doctors and health plans. However, providers and payors are trying to do what they can to help and treat patients. Shouldn’t they have access to all relevant information? I realize that providers and payors can’t always be lumped into the same category, but that’s what some integrated delivery systems have done and they seem to be providing efficient, high-quality care.

Comment on this Post

Leave a comment:

boomerbalker  |   Jan 30, 2013  12:39 PM (GMT)

Montgomery Scott to James T. Kirk: “The mor-r-re complicated the plumbing, the easier-r-r to stop up the d-r-r-rain.” As with Competitive Bidding, market-based healthcare reform, and other legislative and judicial attempts to control fraud, it appears this will just make fraudsters more slippery. Protection of privacy IS important, but there is a point where increased privacy is counterproductive. Like the backward-bending supply curve for products, services, or labor eventually we heap on so much regulation (or “protection” or “constraints” and so on) that it is impossible to make optimal progress. If you try to extinguish a bonfire with a bucket of kerosene, the fire will eventually bur out because it totally consumes all the fuel.


ConsentSystemResearcher  |   Jan 30, 2013  1:21 PM (GMT)

The illustration above of harm
to the patient’s medical care
is an excellent start to a
discussion. But rather than ask for a Yes/No answer to “Shouldn’t they
[providers] have access to all relevant information?” let’s frame the
issue as a tradeoff (I’m a technologist) “When
providers have access …?”

It is artificial to focus only on suboptimal medical care. It’s important to
expand the scope to discuss all harms to the patient Loss of a
marriage, a home, or a job can be devastating, even life-threatening. If these
consequences of a leak are fairly likely, it may reasonably outweigh possibly
suboptimal medical care. Patients deserve the right to judge the tradeoff.

The decision is not easy, and a patient taking this route needs counseling.
To start with, one might ask whether there is indeed a serious life risk to
disclosure, and if not, deliver a stern warning.  One can also widen the range of options.

· As usual
, record the data and make it available. However, this may make it visible to
all providers in a large health system, which may be unable or unwilling to
restrict internal dissemination.

· Counsel
the patient “If this is not in the record, then make sure you tell anyone making “serious” medical
treatment decisions, Do tell your PCP and endocrinologist, but it’s optional
for your podiatrist and physical therapist.

· If strong
protective systems are in place, one might record the information, but be very
sure that it will only go to those on an “approved” list, and
not be refowarded


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: