HIPAA (the Health Insurance Portability and Accountability Act of 1996 along with its subsequent amendments) was never intended to interfere with patient care. It was about insurance – it is not the Health Information Privacy Protection Act aka HIPPA that does not and has never actually existed.
For one, it does not apply everywhere you have medical information. Here is where it does not typically apply (there may be a few exceptions, but in general, HIPAA does not apply here)
- your employer for pre-employment physicals, wellness, or workers’ comp
- your kids’ school (other privacy laws may apply FERPA)
- your health apps and devices, like Fitbit or Loseit
- DNA companies, like 23andme
Surprised? I could write papers on any one of these topics, and I probably have written papers on them. But here’s another kicker – HIPAA does not automatically apply to your doctor or hospital.
Okay, so in reality, HIPAA probably does apply to most everyone’s doctor and hospital, but it’s not automatic just because they provide medical treatment. They have to engage in particular data transmissions related to health plans, claims, and care (for the actual definitions, see HIPAA, particularly sections 1172 and 1173) or in general here. So if you see a provider who does not file on insurance and does not send information about your care or status electronically, then HIPAA does not apply.
But also, HIPAA does not interfere in patient care. A medical provider can share information about a patient if it is deemed to be in the patient’s best interest to do so (barring perhaps the patient specifically restricting information being given to a particular person). HIPAA also does not prevent a family member from accompanying a patient to other parts of a facility for testing. I’ve seen this often when staff takes a patient to get x-rays and tells family members that they are unable to accompany the patient due to HIPAA. There may be other reasons, but HIPAA is not one of them – unless the facility is in flagrant violation of any sense of confidentiality expectations.
Also, and I have done this myself, HIPAA does not stop an individual from providing information about a patient to a medical provider. If the facility is doing or not doing something to your loved one as a patient that concerns/worries/bothers you, you can absolutely call them and provide information and relay your concerns. This nonsense about providers and staff refusing to talk to someone because HIPAA forbids it is ridiculous. They cannot provide information that is confidential (unless there is an exception), but they can certainly listen. And often, they need to listen because it may be information they are missing that could be critical to the patient’s care.
Last, when you go to a new doctor and they ask you to fill out forms for your prior doctor to get your past medical records – uh, HIPAA actually does not require that. It has become the industry practice to do so and in general, is a good practice to ensure that it really is you asking for your specific records to go to this new doctor… but HIPAA does not require authorization for health care purposes (treatment or payment). If that form is interfering with obtaining necessary medical care – there is a problem.
So, HIPAA is not everything you may think it is. If you have questions, let me know. I am happy to write about privacy.