I’m not a fan of HIPAA because the law does virtually nothing for consumers and in many cases can be obstructionist in terms of families and partners working together when a medical event arises in someone’s life.
After a brief review of this April’s HIPAA statistics and my view of the governmental waste of $ that is HIPAA, this article will discuss practical tips for those looking to help patients who are not incapacitated so that HIPAA is not an obstruction as well as those who might think they have privacy rights but do not in many instances such as those under 26 whose parents are still paying for their health insurance.
In an age where the American public seems pretty comfortable with trading privacy for any number of things including alleged improved security at airports, alleged “prevention” of terrorist acts, convenience in opting for electronic records of all types, and even signing away our privacy in order to obtain health insurance coverage, HIPAA stands as a monument of Federal waste. Yes, that’s my opinion.
Though for most of us HIPAA is nothing more than signing that our provider has informed us of HIPAA, when things are released wrongfully, when privacy is breached HIPAA actually provides little protection to individuals and frequently amounts to no more than a scolding and a minor fine for the offending provider.
The only real teeth of the law come in those cases where it’s very clear that private records have been SOLD and that someone’s made money off them. That’s right, profit, because that profit is used to indicate bad INTENT which triggers sterner action by the government. This is partly why HIPAA has been such an abysmal failure in terms of protecting patient privacy. (Failure is based on reported statistics cited below put out by HHS.)
In April 2014, HHS provided “Enforcement Highlights” about HIPAA (http://www.hhs.gov/ocr/privacy/hipaa/enforcement/highlights/index.html ) noting that since April, 2003 HIPAA has received 95,588 complaints, an average of 8,690 per year. OF THOSE complaints HIPAA engaged in resolution through “INVESTIGATION AND ENFORCEMENT of 22,497” 23 percent of the complaints sent to HIPAA.
HIPAA found NO VIOLATION IN 10,114 CASES, 10 percent of the cases.
HIPAA FOUND that 57,800 “cases that were not eligible for enforcement” a whopping 60 PERCENT of the cases.
It’s a lousy 11-year record and perhaps that’s why this April 2014 report didn’t get much publicity.
But more than being an indictment of the governmental waste in terms of the productive value of HIPAA as part of HHS, is the stunning obstructionist way it makes consumers lives harder, while offering limited to no protection of privacy and requiring hoop-jumping by friends and family of those in need of medical care.
There are a few things you should know, naturally subject to variation by state, that can make your life easier if HIPAA is interfering with your ability to help a friend or family member who is NOT INCAPACITATED. Federally YOU CAN gain access to your loved one’s medical information EVEN IF that person is not incapacitated (which would trigger rules concerning health care proxies or other such documents that govern.)
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/provider_ffg.pdf explains that if a patient is present with the provider and gives agreement to the disclosure or does not object, or when such disclosure is determined in the provider’s judgment to be relevant to treatment, care or PAYMENT for the patient, HIPAA can be virtually ignored.
Even if the patient is not present, a healthcare provider can STILL disclose information when in their judgment it is deemed “in the best interests” of the patient.
Such information can be discussed over the phone and requires NO documented agreement by the patient unless the patient provides objection in writing.
This is important for those helping out a loved one either by obtaining or paying for their health insurance and/or copayments, coinsurance and deductibles as well as for patients or would-be patients covered by such insurance. This is where HIPAA assertions have been most obstructionist for individuals and knowing that this exception to HIPAA compliance is available is important for caretakers and family to know.
On the other hand, there are dysfunctional family situations where for any number of reasons a patient would not want their information shared with anyone in their family for friend circle and in this instance, the patient who remember is not incapacitated because then the health care proxy would be relevant, but instead is able to give consent or withhold consent should communicate his or her objections to such sharing. While not foolproof this option does provide some level of privacy for grown patients, especially those covered by parent insurance. It’s also a good reason for adult children to pay their own copayments, deductibles and coinsurance even if they didn’t purchase their plans.
HIPAA takeaway, it does not significantly protect patient privacy and can be a barrier to patient assistance from family members and friends when it comes to care-giving and support, including financial. HIPAA enforcement over 11 years from 2003 to 2014 and fewer than 100,000 cases has been at a rate of 23 percent.
What would be better? If HIPAA entered a trial stage of having the limited authority to investigate and potentially prosecute ONLY those cases where deliberate breach is alleged which would trigger meaningful consequences under current HIPAA law AND if reporting such alleged instances carried a greater reward both for those making the report (citizens) and those affected by such activities (money recoveries for those whose data had been intentionally breached). Regarding the bulk of HIPAA activities concerning sloppy data breaches or careless data breaches, leave it for states to police and enforce, it's merely an expense for the Federal government that has only a remote if any benefit to citizen consumers.
