From Medscape: Are We Really Better Off With HIPAA?

From Medscape, an editorial by their founder: Are We Really Better Off With HIPAA? There’s a video of Mr. Frishauf reading his editorial, slowly, if you want to watch, but the entire text is under the video box. Original Image from PrawfsBlawg

Are We Really Better Off With HIPAA?

Whether you’re an American clinician or patient, there’s no escaping the Health Insurance Portability and Accountability Act (HIPAA). Republicans and Democrats assured us it would make healthcare better.

But has it?

Unless you’re a HIPAA consultant, a compliance officer, or some other bureaucrat, the answer is generally no.

The thing that bothers me most about HIPAA is its expensive, annoying, and — in the end — meaningless implementation. Clinicians have to get all patients to sign forms, which they then file, or they get into trouble, and could face huge fines. Insurance companies must do the same, but then require patients to forget about their privacy if they want insurance. So most do.

Hospitals cringe at the thought of HIPAA fines. Their well-paid consultants design elaborate, expensive systems to ensure compliance.

I will concede one good thing about HIPAA, and that’s the health insurance portability.
Title I protects health insurance coverage for workers and their families when they change or lose their jobs — and this part of the law is working.

But the much ballyhooed “privacy” parts of the law are a failure that could easily be repealed with financial savings to healthcare and no adverse effects that I can think of. In fact, US medicine without these provisions could be better, as information sharing would be easier. And that usually helps patients a lot more than it hurts them.

That’s my opinion, and I’m Peter Frishauf, founder of Medscape.

That’s my opinion as well. Mountains of paperwork, which serve only to further erode public trust in government (another meaningless form you HAVE TO SIGN, thanks for watching out for my rights) and put one more impediment in the wheels of progress.

Also, let’s not forget that the first (and as far as I can tell by Googling, only) use of HIPAA was to convict a hospital employee of identity theft. He should have gone to jail, but there’s already laws against identity theft.

And, it’s here to stay. The continuous creep of government intrusiveness into our lives continues no matter which part is in power in Washington. There’s no chance this will be overturned, politicians lack the “Oh, that was a mistake, and we’ll fix it” gene.

Image from PrawfsBlawg. Don’t want to tick off the lawyers.


  1. I took my girls to the dentist today. They had the standard forms laminated and gave me a special pen to sign it. They scanned it into the system, then whiped it clean for the next patient.

  2. I signed all of the forms at the optometrist; I obviously wouldn’t anyone to know I wear glasses. You know, the ones perched on my face as I signed the forms.

    Speaking as a patient, I couldn’t care less about my “medical privacy,” and I agree that portion of HIPAA should be repealed. What medications I take, my BP, total cholesterol, I don’t care who knows. I simply don’t care.

    In fact: Prilosec, Avodart, Fexofenadine HCL; 120/70; 119. There, it’s all on the table, and I don’t give a hoot.

    Which leads me to my question: Exactly who are the self-appointed “privacy advocates” who are so concerned. I don’t recall appointing them to speak on my behalf. I don’t recall any of them getting a vote of approval for anything they advocate.

  3. Bruce: They’re from the Government, and they’re here to help:

    Just looking at that page gives me the willies.

  4. Ok…I can’t help but reply to this. Heck…it’s pretty much what my job is about. I deal with HHS and privacy issues directly as well as monitor legislative action pertaining to privacy. Disclaimer: I don’t work for a privacy non-profit or advocacy group.

    HIPAA may not be perfect, but unfortunately legislation is necessary to protect privacy. I think all the recent data breaches have shown us that…even in the medical world. Here is a recent incident involving medical records that shows exactly why laws (federal or state) are needed.
    Patients’ Private Records Found In Dumpster

    As a result of these laws, staff and doctors are forced to know the rules they must abide by. Without them, how many doctors or medical facilities would train their staff on the need for patient privacy or even have specific office regulations regarding privacy? If anything, it would only be about security.

    The two things most people are concerned about regarding their privacy are financial information and medical information. That is why there are federal laws specifically targeting both those issues. It’s not just to make more paperwork for doctors…it’s to protect a patient’s privacy and give them specific rights. You may be interested to look at the National Consumer Health Privacy Survey that was just conducted. At least I found it interesting.

    But I completely disagree that having to sign the HIPAA statement erodes the public’s trust in government. One of the reasons that the government is focusing so much on privacy (not just in the medical world) is to help build public trust. You’d be shocked at how much government agencies have to do to protect people’s privacy as a result of legislation. Believe me…it’s A LOT! I get paid great money because of it! ;-) Again…HIPAA may not be perfect, but if you think that is bad…just wait until all the new standards and policies are created for all the new Health IT legislation that is being pushed. It may only be “required” for the federal government at first, but I will bet any amount of money that at some point soon there will be nationwide laws like HIPAA forcing doctor’s like yourself to bend over backwards to protect the patients as all records become electronic.

    Personally, I wouldn’t care so much about HIPAA if my doctors and their staff were able to spend enough time with me to create relationship and trust. I agree with you on one thing relating to privacy. It is the insurance companies that are a major problem. That is where privacy is a big issue and often keeps patients from telling their doctors information that is needed just because it would go on their “permanent record”. Sad to say that I’ve even done that. I’ll control myself and not rant about that anymore here.

    In fact…this is getting way too long. I’ll stop now. But I am curious to hear about what you think should be done instead of following HIPAA. The government may not say that they were wrong, but they often come up with new legislation that changes old legislation. If you don’t like HIPAA…lobby to have it changed.

  5. Sophizo: respectfully, that’s just nuts. There wasn’t a torrent of patient information deluging the streets before HIPAA, and the idea that it’s changed anything for the better (except the actual Insurance Portability thing) is revisionist. Physicians and hospitals already had mechanisms in place, for decades, to help insure patient privacy long before HIPAA showed up.

    (Whatever happened to the ‘no unfunded mandate’ law, anyway? I looked when this whole mess first became a public nuisance and HHS wrote in their explanation that it wasn’t an unfunded mandate, and was also exempt from the paperwork reduction act. Bollocks.)

    Patient privacy has been a professional ethic of physicians, and therefore the practice of medicine, since Hippocrates. The idea that we need the Feds to be our nanny/watchdocs is not just insulting (and frightening), it is pernicious toward self-policing professions.

    Additionally, the idea that signing forms is a Good Thing because it shows the Govt. is looking out for us doesn’t wash. I’ve watched patients, many many patients, sign that form, and what’s their choice? Don’t sign it and get no care, or sign it. The vast majority don’t read it (in fact, I’ve never seen anyone read it). That’s not a government looking out for me, that is bureaucracy run amok. It is paper for the paper-pushers’ sake and doesn’t actually improve healthcare OR PRIVACY a whit.

    What it does do is enrich a layer of people who suck more money out of the healthcare system without contributing to, you know, healthcare.

    Are people imperfect? Does private information get out? Yes. Do wee need the Feds with Fines to keep that from happening? NO. The dichotomy in your statement ‘we need laws like this’ and then linking to an article wherein pateint records were found in a dumpster points out the fallacy that HIPAA protects information. It doesn’t, as this happened well after HIPAA became law.

    Make no mistake, this is not beneficial to the docs, the hospitals, or ultimately the patients.

  6. Ok…a few things. First, I want to clarify that I never said or meant to imply that HIPAA is the best privacy law to protect my information. Just like every law, it has its good and bad points. No law is going to cover everything or make everyone happy. My point was that it is at least a start for privacy protection. This is a new area that will evolve and hopefully produce better laws and regulations. I’m sorry if that makes your life more difficult, but there are certain areas where I do want the government to step in and regulate. When it comes to my records and personal information…I want that protection. Unlike Bruce…I really do care who knows about my medical information.

    Now I know you mentioned that privacy has been a professional ethic of physicians well before HIPAA and I understand that and don’t deny it. In fact, I have a lot of respect for physicians because of that. Unfortunately, the medical community is not made up of only physicians. And if you look into some of the HIPAA complaints (like the guy you mentioned who was prosecuted), they basically are all about non-physicians. And if patient’s privacy was well taken care of before HIPAA, then why has the HHS OCR received over 15,000 complaints and are averaging 600 new ones a month since HIPAA took effect? Something isn’t working in the medical community regarding privacy. And BTW…HHS OCR has passed some of those complaints onto the DOJ. Just because the DOJ hasn’t prosecuted those people yet doesn’t mean that nothing will be done in the future.

    And in regards to that article I linked to about the records found in the dumpster…it does not point out any fallacy. The letter of the law (HIPAA in this case) is not going to stop these things from happening. What it is going to do is open them up for consequences as a result of the mistake (criminal and/or civil). Even a law against murder isn’t going to stop people from being murdered, but it does set consequences for breaking that law. No law is going to stop mistakes like this from happening…like you said, people are imperfect.

    I’m sorry if you feel that privacy laws like this are not beneficial to doctors or hospitals. But in a large number of cases they are beneficial to the patient. But these types of laws are meant to be more beneficial to the consumer than to the one selling the good.

    Again…it is the fact that there are now laws protecting my privacy as a patient that I am advocating for, even if it does cause a little extra paperwork. If patients aren’t reading what they sign, then that’s their mistake. You did your part. I happen to be one of those people who actually DOES read everything that my doctor wants me to sign. If I didn’t, then I wouldn’t know the rights I have or their specific office policies.

    This is all from my view as a patient. I am no doctor and don’t know what it is like on your end of things. That is why I would really love to hear how you would want HIPAA changed (other than getting rid of it completely, which won’t happen). You obviously have strong views about the issue.

    Ok…it’s 4am and I have work in 4 hours. That’s more than enough of a reply. :-) And I’ll understand if you don’t want to reply or continue this dialogue.

  7. I have no doubt there are a lot of complaints under the HIPAA statutes. Given that it’s so massive and so detailed, it wouldn’t surprise me that a lot of minor technical violations happen all the time.

    These laws, and the masses of laws like them, aren’t advancing healthcare, they build impediments to it. (What do you think every facility wit a complaint, no matter how bogus, is doing? Making more internal rules, making more hoops). It’s not “a little extra paperwork”, it’s the criminalization of accidents, it’s the entire Big Brother telling me how I should comduct my professional interactions with my patients and with their families.

    What do I want? I want it repealed. I want to be able to use good judgement and common sense to talk with patients and their families without worrying that there’s some rule buried in that massive set of rules that can expose me to fines and medicare disenrollment. I don’t have the luxury of quitting my job to lobby full time for changes, and since there are now another class of people (you) whose checks depend on taking money out of the system while returning nothing to actual healthcare, I doubt there will be any substantive changes.

    It is wrong to think every interaction in life should have a federal regulation attached. HIPAA is just the latest, most intrusive one in my professional life.