HIPAA Strikes Again!
I just found out this morning that a good friend is going in for surgery to remove a blood clot from his chest caused by a fall from a horse. Of course, horseback riding is an insane activity which I stopped as soon as I left the family farm, but never mind that. Worried, I immediately called the office of his surgeon to ask how I could contact his wife at the hospital. Ha! I ran smack into the new Health Insurance Portability and Accountability Act (HIPAA) regulations. "Sorry, sir, we can't even tell you if he's in the hospital or not," explained the surgeon's assistant.
So if you're going into the hospital for any reason and would like your friends to contact or come visit you, take your cellphone. Once again, thank you Uncle Sam for your "help."
In the early 90s the Americans with Disabilities Act was new. I went to an 8 hour seminar (sent by my company) to see how it would affect our operations. At the end of the seminar, the lawyer (does this tell you anything?) who was acting as M.C. said that we wouldn't really know what the ADA meant until it had been in the courts for 10 years.
Ditto for HIPAA. In the meantime, we are all part of another great social engineering experiment.
Jack/Amy/Randy,
Without government regulations, the market determines what the best course of action is based on weighing relative risks and advantages of different available options. And if a particular individual has greater privacy concerns than most people, he can make his preference known and a responsive market would presumably accommodate him. Government regulations create an inefficient one-size-fits-all situation that likely benefits some but just as likely does more harm than good overall.
Fyodor, your market-driven regulation, while in many cases is true, does not apply when it involves issues with which the average citizen is neither inclined nor prepared to pursue. The average Joe and Jane don't understand all the things that happen to their personal health information in the confines of a hospital, much less in the hands of their insurance company or the government.
I worked in a company that used data from healthcare providers and the government to make healthcare predictive modeling software. Before HIPAA, it would have been possible to identify, by hook or by crook, whose information you were viewing. HIPAA requires that all identifying information be removed from data that is given to outside viewers.
How many people know that their personal health information is being seen every day by hundreds of companies, thousands of employees, and distributed by proxy to tens of thousands of healthcare employees? HIPAA covers that because the market would demand that it doesn't matter if identifying information was included.
The patients wouldn't know it was going on, and it is cheaper for companies not to encrypt AND de-identify information, much less for the third-party companies using that information to take measures to secure and protect the confidentiality of that information. However, which is in the best interest of the public? Hoping that companies do the nice thing and protect the privacy of patients, or do the cheapest and most profitable thing and just give out information without any regard for the privacy of their customers?
The fact is, while HIPAA retains its newness and novelty, it will be a bitching point. Once the conversions are complete, nobody will give a damn because it will be seen as the proper way of handling things. Can't give people information they OUGHT to have because of a technicality? Tough. The law is nothing but a bunch of technicalities. As soon as people ignore the technicalities, the law means nothing. So what if a few people are frustrated? It's better that they're frustrated than for me to know that your mom has herpes and your dad had a penis extension surgery in 1998.
"The average Joe and Jane don't understand all the things that happen to their personal health information in the confines of a hospital, much less in the hands of their insurance company or the government."
And therefore you, who are not average, should weigh in on what Joe and Jane need. Why are their needs any of your business?
Shiloh,
Remember when Springfield Elementary covered their entire building with wheelchair ramps?
Principal Skinner: "When people ask me if we're in full compliance with the ADA, I tell them, we're closer than we've ever been before."
Re: "Bring your cellphone"... Every hospital I've been to in recent years has notifications all over the place that cellphone usage is verboten in the hosp...
I worked in a medical records dept of a university and we had this policy. For any institution that provides medical services, esp those with privacy concerns or social stigma - aka, STD testing, OB-GYN services, AIDS testing, mental health clinics, etc - such policies are kind of essential. A lot of people would not use such services without this privacy guarantee, and in a lot of cases, such as mental health clinics, just the knowledge of one's attendance is enough to reveal "something" about the person.
That being said, people in the hospital should have the right to let people know what's up if they want.
Wow. I never would have thought to call the surgeon's office.
Even without HIPAA, I would expect my surgeon to not reveal any information about me to someone they didn't know. I know, crazy guy I am, but you know, I've got this thing about privacy.
Back in the day I worked for a company that often had access to private info. And legally, we were not bound to keep it secret.
But we did. You know, that crazy idea of privacy and respect. Gawd, I'm a radical.
erf:
I'm certainly not against privacy, but I question that there were lots of abuses prior to the HIPAA regulations. Hospitals could (and did) guarantee privacy for sensitive areas like OB-GYN and AIDS testing well before HIPAA came along. Besides the Hippocratic Oath requires doctors to protect their patients' privacy. But letting friends know what room a patient is in was not too much to ask in the past and it's not too much to ask now. Do we need regulations specifying how every human interaction should be conducted? Or can we rely on common decency and normal good will?
I've worked in healthcare administration for 15 years...and HIPAA is, by far, one of the (maybe THE) most burdensome regulations that I've ever encountered.
"I've worked in healthcare administration for 15 years...and HIPAA is, by far, one of the (maybe THE) most burdensome regulations that I've ever encountered."
Possibly, David, but part of that has to do with its newness (it only started being enforced within the last 18 months) and the magnitude of change involved. What is burdensome now will be second nature in 5 years. Having had to learn some of the ins and outs of it, I can say that HIPAA is huge, but surprisingly comprehensive and well-reasoned. I'd much rather deal with the little inconveniences related to acclimating to HIPAA than having my information available.
What is burdensome now will be second nature in 5 years.
For some aspects at least, I seriously doubt it.
"Can I have your member ID, name, and date of birth? Your ID is usually a nine-digit number that's followed you all of your life. Oh, you're calling about your son? Can I have his name and date of birth too? Is he aware you're calling on his behalf? Okay, you have a question about one of his medications? Sorry, I can't discuss it without the Rx number. It's a new prescription you just sent in so you don't have the number? Sorry, can't help you. HIPAA."
Frustrating parents and not being allowed to say the phrase "social security number" (although that was more of a precaution than the letter of the law) weren't the only reasons I just left my job at a PBM, but it made the departure a lot easier.
So, Ellie, you're saying that confirming someone's identity, and confirming the identity of the person about whom they're calling, is too much of a bother? Demanding specificity in a request instead of volunteering information is too much to ask?
Yeah, I guess that would be awful. After all, if I were, say, stalking you, and I heard you were in the hospital, and I wanted to find you, you wouldn't want precautions taken to safeguard you by keeping your personal information private, and by having the staff require full identification of people seeking your location.
I guess if I wanted to steal your prescription information, or disclose your location to the press, you wouldn't want your information protected. Nope, having to answer some questions is just too much to ask of people.
We should really just leave medical histories sitting around on tables, volunteer information to people on the phone or in person, and to hell with safety, privacy, and identity security. Nah, don't really need that stuff. Just let everyone have at it.
Like I said, it's burdensome now because it's new. People aren't used to it. Once people have been familiarized with the system, it won't be such a bother.
Geez, Randy, you're kinda scaring me...the way you phrase it, it sounds like some sort of "frog in slowly-increasing-temperature water until he boils to death" thing.
No, I'm saying that I have a problem with not being able to answer someone's questions even AFTER I've confirmed who they are and who they're calling about, because I need information they couldn't possibly have. I could confirm the prescription by the name, strength, days supply and prescribing physician, all at my fingertips, but nope, gotta have that Rx number.
I don't give a shit about having to confirm identity -- I'm behind that part. I'm not behind the nitpicky details that aren't really helping anybody.
But without HIPAA there would be unemployed medical bureaucrats and our tax money might go to something silly, such as national defense or tax cuts.
Randy, what is the ratio of stalkers to innocent co-workers/friends/family members calling hospitals?
Jack: Probably fairly low. But the fact that it's only a small number of cases likely won't matter to a person who is being stalked. By your logic, we should just trust everyone all the time, because most people are honest.
The privacy issue should be addressed between patients and their doctors/hospitals/clinics. If I go in to have my appendix removed, I should be able to tell the hospital whether I want my info released to people calling to check on me, or which specific people should get that information. We don't need a federal law to protect privacy so long as those patients who care about their privacy are proactive about it and hospitals follow their patients' wishes.
Jack, you should know that the government works on the 'One Famous Instance' principle: If there's one instance of something bad, there oughta be a law! Goes along with the 'If I could help just one person, all my years of college and training will be worth it!'
If you couldn't tell, I personally don't agree, but that's just 'cold-hearted' me.
Jack, replace "stalkers" with reporters, bosses, ex-wives, hated family members, nosy neighbors, jealous ex-boyfriends, law firm partners, collection agencies, private investigators..., and you can see why this would be an issue.
I don't know if it already exists, but there should just be a HIPAA off-switch to allow communication to any party in cases of emergency hospitalization, once signed by the patient or their proxy.
I feel that I should clarify that my earlier post was rhetorical in nature. My own personal view is that each individual patient (or the patient's guardian, as appropriate) should be allowed to decide at admission what level of privacy protection they receive.
Having just recently been in the hospital, I know for a fact that is exactly what they do. I was given a form to fill out stating how much information is given out and to whom. My choice, it was up to me.
However, if you read the HIPAA statements you receive, they don't have to agree to your request and can give out protected medical information to damn near anyone they want.
If you really want some privacy, be a "No Info" patient, go in under an assumed name and insist on paper charting. Been there, done that too. It works and is especially useful if you have friends, nosy friends, who work at the hospital you are a patient in.
> I've worked in healthcare administration for 15 years...and HIPAA is, by far, one of the (maybe THE) most burdensome regulations that I've ever encountered. ---Posted by david
Please give us some examples.
I couldn't find anything in the article that prohibited hospitals from having patient information.
I'm not surprised a doctor's office is closed mouthed.
Andrew:
"And therefore you, who are not average, should weigh in on what Joe and Jane need. Why are their needs any of your business?"
Why should parents, who know more about what people should do than children do, weigh in on what their kids need? Why are their needs any of their parents' business?
The fact is, it's people who know about such things who make these choices. Just like you don't get to choose to have primitive surgical procedures done when safer and more effective procedures are available, and just like you don't get to choose whether medicine will progress or regress for everyone based on your uninformed status, likewise do you not get to decide that everyone should be punished because you're ignorant about something.