Skip to main content.

Understanding HIPAA, and how it can hurt health care

Understanding HIPAA, and how it can hurt health care

Picture of Monya De

In 1996, President Bill Clinton signed the large, complicated Health Insurance Portability and Accountability Act, or HIPAA. HIPAA quickly became synonymous with privacy protection for patient medical records, and “That could be a HIPAA violation” became a buzz phrase among medical professionals and, I was surprised to observe, patients.

HIPAA is designed to protect what’s called “protected health information.” According to the U.S. Department of Health and Human Services (HHS), “protected health information” or Protected health information includes individually identifiable information involving the individual’s past, present or future physical or mental health or condition, the provision of health care to the individual, or payment for the provision of health care to the individual. In order to receive protection under the law, the information has to be connected to a specific person by name, address, birthdate, Social Security number, or even such descriptions that would allow a person to be able to identify the patient. (For example, if a doctor were to be overheard in public saying, “The heavyset cashier with the brown hair at Walmart has melanoma,” that would be a HIPAA violation.)

However, non-identifiable information is not protected. A physician can safely say at a medical conference that she had a 46-year-old female patient with Chagas’ disease because that patient could still be any 46-year-old woman. As HHS states, “There are no restrictions on the use or disclosure of de-identified health information.”

There are specific times that doctors or hospitals can share protected health information. Briefly, these include: giving information to the patient (as when patients ask for and receive their lab results); for payment (such as between a doctor and insurance company); or health care operations, like investigating a fraud case.

Psychotherapy notes require a patient’s permission before any part can be disclosed. However, even these are shared without permission in certain circumstances. If a potentially dangerous patient is missing and they were last heard on the phone threatening to kill someone, the police could require emergency access to those notes to try to find and protect the potential victim.

However, many doctors and hospitals misuse HIPAA to create roadblocks for outside physicians and hospitals who are simply trying to obtain proper medical records to deliver care to their new patients. How many times have you had to fill out a form and sign it, wait for it to be faxed, and then wait for days for the other doctor’s reply? That’s not HIPAA’s intent. The law is meant to protect patients from doctors discussing cases inappropriately with gym buddies, or nurses from telling pharmaceutical representatives about which patients might be interested in that new depression pill. 

It’s important that those who work in health care understand that patients and their treating doctors have a right to their medical information — immediately, and without the need for any signatures or faxes. That’s what the law allows. Yet, I’ve found that the same university medical center that has no problem disclosing my patients’ medical conditions to Anthem Blue Cross so that they can get paid will balk and demand unnecessary paperwork when its patients come to me for a consult.

This creates problems when doctors are trying to write a prescription and patients can’t remember the name of the medication that caused an allergic reaction, or when doctors are trying to avoid duplicating blood tests that were just done one month ago by the primary care physician. It’s no wonder that there are so many medical errors and so much waste in medicine — it can be incredibly difficult to decide the next steps in care when we don’t know what the last three steps were. Indeed, my recent conversation with a medical resident who practices at Beth Israel, a Harvard teaching hospital, confirmed that even the best in the country struggle with this — she told me their morning conferences regularly feature adverse patient events that could have been prevented with more streamlined medical records.

HIPAA provides guidance for just about every sensitive situation. Patients can give verbal permission for doctors to tell their family members how they are doing in the hospital, for example. If the patient is in a coma or can’t talk, the doctor or nurse can use her best judgment. Someone who seems like a casual friend might not get any details, but the patient’s wife might get a full diagnosis and prognosis.

HIPAA, while protective of patients’ information, is actually quite logical about how we’re supposed to handle medical information in times when it is truly needed. Now that patients are rallying around the concept of open access to medical records, health professionals are more obligated than ever to stop blocking their access.

While HIPAA allows doctors to release protected health information for the public good (for example, if someone with Ebola breaks quarantine and runs around New York City) getting information on individual patient cases for news stories can be challenging. That’s why journalists will often have better luck contacting patients on online forums, where patients can decide whether or not to reveal their identities, through disease-specific associations like the American Cancer Society, or by maintaining relationships with physicians willing to pass on requests for comment to their patients.

[Photo by Josh Hallett via Flickr.]


Picture of

Also, when people take part in clinical trials they do it voluntarily, but, of course, they again should provide some personal information, which as any other personal information, should be protected during and after the trial, as any discrepancy or fraud could have severe negative consequences on different levels. HIPAA Privacy Rule and the Code of Federal Regulations stand for protection of privacy and confidentiality of trial participants and their medical records. But unfortunately, as with every other Act, people can misuse HIPAA, too, as you’ve stated in this great article.

Picture of

I have a family member who is in the end stages of alcoholism. It is clear to me and all family members who are close to him, including physician family members, that his health is declining rapidly and the end will come soon without intervention.

I just spoke to a nurse who works at the office of his PCP. I identified myself as his brother. I expressed my concern about his condition in the gravest possible terms. Yet her overriding concern was the fact that I am not on record as having been given permission to be included in any of his health details - this concern is based on this office's interpretation of a HIPAA violation.

Anyone who has learned as much about alcoholism as I now have, knows that denial and secrecy are intrinsic to this disease. This interpretation of HIPAA is actually facilitating the inevitable course of this disease. It seems to me that Hippocrates was smarter than this when he said, "above all, do no harm".

Picture of

What is so enraging about HIPAA is there was no public discussion before it was implemented. The reigning diva Donna Shalala was "offended" some doctor not deemed worthy read her sisters chart, and suddenly the US is stuck with this poorly formed law that hurts patietns and research and costs real lives. Privacy protections are important and the honor code was doing just fine. If a patient (some movie star or politician) wants special protections fine...but I have a feeling if paitents knew how they were being cheated out of the best health care and research because of HIPAA, they would never subscribe to such draconian measures. If I'm sick, I want all eyes and minds in my hospital to be on my case, be they a medical student, researcher, or my "peronsal-choice" doctor. That will produce the best outcomes for me and prevent abuses, misinformation, etc in my treatment. HIPAA never made sense as it was written because it assumes those most trusted and deserving to have such information so they can do their job are given the horseblinders. I find it especialy ironic (and disgusting) that as the Clintons were unrolling this ridiculous and uneeded legistlation, they were expanding the NSA, so that THEY had authroity to spy and access any information THEY wanted for political purposes. Its the height of hypocrisy.

Leave A Comment


The USC Center for Health Journalism's Impact Funds provide reporting support — funding and mentoring — to journalists who think big and want to make a difference. 

Apply today for our National Impact Fund for reporting on health equity and health systems across the country. 

Apply today for our California Impact Fund for reporting that brings untold stories to light in the Golden State. 


Follow Us



CHJ Icon