New York Times on HIPAA

Keeping Patients’ Details Private, Even From Kin – New York Times

Seriously, what did they expect? A hundreds+ page law by lawyers for lawyers, about medicine, with the threat of major fines, loss of billing abilities, and they wonder why healthcare workers have become close-mouthed? (The executive summary runs 11 18 pages, if that tells you anything).

Read this article, and wonder: their fix for over-caution?

Senator Edward M. Kennedy, Democrat of Massachusetts, a sponsor of the original insurance portability law, was dismayed by the “bizarre hodgepodge” of regulations layered onto it, several staff members said, and by the department’s failure to provide “adequate guidance on what is and is not barred by the law.” To that end, Mr. Kennedy, along with Senator Patrick M. Leahy, Democrat of Vermont, plans to introduce legislation creating an office within the Department of Health and Human Services dedicated to interpreting and enforcing medical privacy.

I’m reassured already, and feel this extra layer of scrutiny is just what we need in the trenches to feel better and just trust that our on the spot judgment won’t lead to protracted guilty-until-proven-innocent government investigation.

(An amusing aside: when I had a wireless internet connection the company put the router in a box and padlocked it. This was inside my house. I asked why, and was told, ‘we do a lot of work with the Healthcare industry, and you’re a doc, so we want to make sure there’s no HIPAA violations. I kid you not. HIPAA paranoia isn’t just healthcare workers.)

If they were serious, they’d re-write this abomination to cover actual, major and intentional lapses in privacy, keep the Healthcare Portability provisions that started this, and junk the rest. It hasn’t helped.


  1. As someone who’s seen HIPAA from both sides of the bed, it does more harm than good a lot of times (even as a patient). Glad to hear Uncle Eddy wants to make sure my medical information is super super secret. I’m all for privacy, but within reason. More bureaucracy does not equal more reason. Idiot.

  2. There is no doubt that HIPAA has been the excuse for some astonishing empire building and incredibly silly interpretations. The article gives just a few of the unthinking ignorant and aggressively stupid interpretations that occur. But it is much shorter and easier to read than you think. It is not hundreds of pages long. The total regulation is 31 pages. The first 8 a definitions of terms, such as “covered entity”. The next 22 are the rules. The final page is the effective dates for various stages. What you are seeing is a continuation of mindless stupidity by hospital management (a far to common occurrence), with a ready made excuse for not thinking. “It’s HIPAA’s fault.”

    I’m not sure where you got the page count. I’m using the page count from the Federal Register. You may be referring to the response to comments version, which spends page after page explaining why each individual rule was put in place. The “huge” fines are also a misleading claim. For non-malicious violations, the fines are limited to $100/person/violation and $25,000/person/year maximum. This is a minor traffic ticket, if enforced, and has never been more than a written “don’t do it again” for any non-malicious violations.

  3. The privacy summary runs 25 pages: (18 pages of which are non-fluff).

    As for ‘just a $100 fine’, you’re kidding yourself. Nobody wants to have to report that HHS found them guilty of even a technical HIPAA violation.

    The Health Insurance portability part makes sense; the rest needs some serious scrutiny.

    Here’s the main page:

    And, there’s a glaring problem here: if no fines have been levied in 4 years, then it wasn’t needed. There’s plenty of anecdotal evidence the bad by far outweighs the good. It needs to be re-done, more with a nod to the real world.

  4. The House Whisperer says:

    The solution by regulators will always be more regulation. Not my surprised face.

  5. Didn’t this NY Times article also say that they rarely investigate claims as well? Or they only go after claims against large entities?

    I can’t tell you how many times a family member left steaming that one of us wouldn’t divulge more than generic information. What good is this?

  6. HIPPA came in handy once (and only once). I have a very common last name and some receptionist pulled my file for someone else–landing me with the bill.

    The telephone tag trying to get this straightened out was a nightmare. Finally I told the office manager that since my file was obviously shown to someone else (they initialed it) I would be reporting it as a HIPPA violation if it wasn’t taken care of today.

    After six months of polite, the mention of HIPPA spurred her to action.

    Probably the only time it has ever been useful, though.


  1. […] family members to be there to help in some capacity. The answer is irrational fear. As the GruntDoc commented, “Seriously, what did they expect? A hundreds+ page law by lawyers for lawyers, about […]