Comments on: HIPAA-cracy http://www.concurringopinions.com/archives/2007/07/hipaacracy.html The Law, the Universe, and Everything Sun, 22 Nov 2009 08:31:00 -0700 http://wordpress.org/?v=2.8.3 hourly 1 By: Mary H http://www.concurringopinions.com/archives/2007/07/hipaacracy.html/comment-page-1#comment-53383 Mary H Tue, 07 Aug 2007 01:39:49 +0000 http://www.solove.org/archives/2007/07/hipaa-cracy.html#comment-53383 I read the NYT article with interest and curiosity. You all can scorn those of us who toe the overzealous line undertaken by our employers, but your jobs are not at stake. As a lowly psychiatric social worker I WILL be terminated immediately if I give information to family members trying to help their relatives, unless I have a current release. Yes, it's cruel and ridiculous and interferes with care, but I won't help my patients by getting fired because our corporate compliance officer is, um, eager. She has put a regulation in place where we cannot even use patient last names in our own internal emails to need to know staff. Indeed, under HIPAA we're told that we can't confirm or deny that a person receives treatment from us even if the relative or partner calling regularly attends appointments with the patient. I agree that's it's ridiculous and I'm furious that I've been lied to, but it doesn't help my real life situation. I read the NYT article with interest and curiosity. You all can scorn those of us who toe the overzealous line undertaken by our employers, but your jobs are not at stake. As a lowly psychiatric social worker I WILL be terminated immediately if I give information to family members trying to help their relatives, unless I have a current release. Yes, it’s cruel and ridiculous and interferes with care, but I won’t help my patients by getting fired because our corporate compliance officer is, um, eager. She has put a regulation in place where we cannot even use patient last names in our own internal emails to need to know staff. Indeed, under HIPAA we’re told that we can’t confirm or deny that a person receives treatment from us even if the relative or partner calling regularly attends appointments with the patient. I agree that’s it’s ridiculous and I’m furious that I’ve been lied to, but it doesn’t help my real life situation.

]]> By: David Harlow http://www.concurringopinions.com/archives/2007/07/hipaacracy.html/comment-page-1#comment-53382 David Harlow Wed, 04 Jul 2007 17:49:52 +0000 http://www.solove.org/archives/2007/07/hipaa-cracy.html#comment-53382 Well, folks, it's not true only if and when the NYT says it is . . . Lots of ridiculous behaviors have been inappropriately blamed on HIPAA for at least as long as the regs have been in effect. But hey, it's only one link in a chain . . . . As a practicing health care attorney, I see HIPAA as just the latest fig leaf some parties try to use in explaining behaviors or in negotiating a deal when they don't want to do something -- as in, gee, I'd really like to agree with your reasonable request but I can't (HIPAA made me do it). Before HIPAA it was Stark, the Anti-Kickback Statute, or incomplete readings of other regulatory schemes. Some states (including mine, the Former People's Republic of Massachusetts) have privacy rules stricter than HIPAA in many respects so the HIPAA-cracy is perhaps less pronounced than it is elsewhere. See my post on rampant HIPAA confusion at: http://healthblawg.typepad.com/healthblawg/2007/05/hipaa_confusion.html Well, folks, it’s not true only if and when the NYT says it is . . . Lots of ridiculous behaviors have been inappropriately blamed on HIPAA for at least as long as the regs have been in effect. But hey, it’s only one link in a chain . . . . As a practicing health care attorney, I see HIPAA as just the latest fig leaf some parties try to use in explaining behaviors or in negotiating a deal when they don’t want to do something — as in, gee, I’d really like to agree with your reasonable request but I can’t (HIPAA made me do it). Before HIPAA it was Stark, the Anti-Kickback Statute, or incomplete readings of other regulatory schemes.

Some states (including mine, the Former People’s Republic of Massachusetts) have privacy rules stricter than HIPAA in many respects so the HIPAA-cracy is perhaps less pronounced than it is elsewhere.

See my post on rampant HIPAA confusion at: http://healthblawg.typepad.com/healthblawg/2007/05/hipaa_confusion.html

]]> By: Doug Sylvester http://www.concurringopinions.com/archives/2007/07/hipaacracy.html/comment-page-1#comment-53381 Doug Sylvester Wed, 04 Jul 2007 00:24:48 +0000 http://www.solove.org/archives/2007/07/hipaa-cracy.html#comment-53381 Ok--I'm not usre you overlooked the role that lawyers play..you were just too nice in calling them "consultants." Ok–I’m not usre you overlooked the role that lawyers play..you were just too nice in calling them “consultants.”

]]> By: Doug Sylvester http://www.concurringopinions.com/archives/2007/07/hipaacracy.html/comment-page-1#comment-53380 Doug Sylvester Wed, 04 Jul 2007 00:22:47 +0000 http://www.solove.org/archives/2007/07/hipaa-cracy.html#comment-53380 Not much to add here except to say that you are overlooking the role that privacy lawyers have played in this arena. I had the (mis)fortune of working for a firm at the moment GLB came into effect and our firm went to full court press to convince clients to take a far more "protective" (read: apparatchik enforced) view of GLB than I think was necessary or even wise. My guess is that most doctors use lawyers to explain what HIPAA means and, as a result, are prone to accept the view that it means "no information at any time to anyone...even the patient." The over-reaction of people to privacy issues is only made worse by the actions of the bar in overhyping both the dangers (to my mind) of over and under compliance with these "laws" and, worse, "public expectations" of privacy. Ok--I think I've overplayed my hand here... Not much to add here except to say that you are overlooking the role that privacy lawyers have played in this arena. I had the (mis)fortune of working for a firm at the moment GLB came into effect and our firm went to full court press to convince clients to take a far more “protective” (read: apparatchik enforced) view of GLB than I think was necessary or even wise.

My guess is that most doctors use lawyers to explain what HIPAA means and, as a result, are prone to accept the view that it means “no information at any time to anyone…even the patient.” The over-reaction of people to privacy issues is only made worse by the actions of the bar in overhyping both the dangers (to my mind) of over and under compliance with these “laws” and, worse, “public expectations” of privacy.

Ok–I think I’ve overplayed my hand here…

]]> By: William McGeveran http://www.concurringopinions.com/archives/2007/07/hipaacracy.html/comment-page-1#comment-53379 William McGeveran Tue, 03 Jul 2007 22:39:04 +0000 http://www.solove.org/archives/2007/07/hipaa-cracy.html#comment-53379 I don't think the industry response was "inevitable," or a "true cost." Other industries have managed to integrate privacy requirements, here and in other countries, without so much apparent overprotection. But certainly you are right that, since a big part of the problem here was poor design of these particular regulations, HIPAA is a cautionary tale for lawmakers in future. And what I meant was, if average citizens see HIPAA as the best we can do, then public support for undertaking privacy protection measures at all will be (unreasonably) reduced. I don’t think the industry response was “inevitable,” or a “true cost.” Other industries have managed to integrate privacy requirements, here and in other countries, without so much apparent overprotection.

But certainly you are right that, since a big part of the problem here was poor design of these particular regulations, HIPAA is a cautionary tale for lawmakers in future.

And what I meant was, if average citizens see HIPAA as the best we can do, then public support for undertaking privacy protection measures at all will be (unreasonably) reduced.

]]> By: Eric Goldman http://www.concurringopinions.com/archives/2007/07/hipaacracy.html/comment-page-1#comment-53378 Eric Goldman Tue, 03 Jul 2007 22:09:12 +0000 http://www.solove.org/archives/2007/07/hipaa-cracy.html#comment-53378 You write: "I fear the continued misuse of HIPAA undermines support for all privacy regulation." I hear what you're saying, but I would phrase it differently. HIPAA vividly demonstrates the true costs of privacy regulation--whether the overprotection is rational or not, it was predictable and inevitable, and the resulting hidden costs should give us pause when contemplating other new privacy regulatory efforts. Eric. You write: “I fear the continued misuse of HIPAA undermines support for all privacy regulation.” I hear what you’re saying, but I would phrase it differently. HIPAA vividly demonstrates the true costs of privacy regulation–whether the overprotection is rational or not, it was predictable and inevitable, and the resulting hidden costs should give us pause when contemplating other new privacy regulatory efforts. Eric.

]]> By: Frank http://www.concurringopinions.com/archives/2007/07/hipaacracy.html/comment-page-1#comment-53377 Frank Tue, 03 Jul 2007 20:47:28 +0000 http://www.solove.org/archives/2007/07/hipaa-cracy.html#comment-53377 Excellent points, all. It reminds me of a the constant evocation of "security" when anyone asks for any flexibility re established procedures. It's particularly sad here because HIPAA-cracy may undermine any chance we have of a coherent, interoperable, electronic medical records system; see, e.g., http://www.ncvhs.hhs.gov/050816p1.pdf Excellent points, all. It reminds me of a the constant evocation of “security” when anyone asks for any flexibility re established procedures.

It’s particularly sad here because HIPAA-cracy may undermine any chance we have of a coherent, interoperable, electronic medical records system; see, e.g.,

http://www.ncvhs.hhs.gov/050816p1.pdf

]]>