HIPAA’s unintended consequences generate discussion
NASHVILLE, Tenn. — Journalists, lawyers, privacy consultants, a clergyman and even a choral conductor gathered earlier this week at the First Amendment Center for a conference on the Health Insurance Portability and Accountability Act that sparked some heated discussion.
Passed in 1996, HIPAA was meant to protect the medical information of individuals, but since its specific confidentiality rules went into effect in April 2003, the act has sometimes been misinterpreted or abused to deny information to family members or the news media.
The June 21 symposium, sponsored by the First Amendment Center, the Associated Press and Vanderbilt University, was an effort to examine problems with information access caused by HIPAA. It featured presentations from individuals affected in different ways by the regulation, but it had the feel of a 25-person roundtable discussion.
At times cantankerous and at other times hopeful, the participants ultimately proposed action to improve the federal law, which virtually all in attendance acknowledged has had some unintended negative effects.
“I’m very pleased with the reaction and the discussion,” said Gene Policinski, First Amendment Center executive director. Policinski moderated most of the daylong session. “The reaction of a number of people, some of them quite familiar with this area, was that even they found new information or heard for the first time some concerns from other parts of society on issues with the regulation.”
Policinski called the conference unique, noting that other gatherings about HIPAA have dealt primarily with “implementation and compliance, but really nothing about the philosophy behind the access to the information.”
One of many horror stories of HIPAA is that of Stuart Hunt, a choral conductor from Washington state who attended the conference. He told the group how his 91-year-old mother was taken to the hospital in August 2003 after falling, how he called from the town he was living in and how the hospital, citing HIPAA, refused to tell him anything about his mother.
Carol Ostrom, a reporter for The Seattle Times who covered Hunt’s story, told participants of her experience with HIPAA and the trouble she had seen it cause in cases like Hunt’s, saying Hunt became “obsessed” with fighting HIPAA after his mother’s death.
Hunt read a prepared speech from a stack of papers in his lap, but the longer he talked, the more he strayed from the pages and the more his bitterness and passion for the subject came out.
“HIPAA is less about privacy than it is about discrimination,” Hunt said, referring to what he believes is the tendency in some hospitals to withhold information from certain people. “That’s a charge, and I’ll repeat it: HIPAA is less about privacy than it is about discrimination.”
Criticizing the implementation of the regulation, he called it “bureaucratic quicksand” and accused hospitals of protecting their own interests above those of patients.
Hunt has made strides in Washington state. In December 2004 the Washington State Hospital Association, largely because of Hunt’s efforts, told all state hospitals to release information about patients’ location and condition to family members and close friends in cases where the patient cannot be asked if he or she wants this information disclosed.
The hospital association also adopted four protocols, outlining what information hospitals can give and what questions they can answer. They include: 1) Is (name) in your hospital? 2) What is his or her general condition? 3) Is the condition life-threatening? 4) Would it help the patient or staff if I came immediately?
Robert Gellman, a lawyer and a privacy and information policy consultant in Washington, D.C., defended HIPAA, or at least the idea of HIPAA, arguing that most of the problems people face in getting information today existed before HIPAA was passed.
“If you repealed HIPAA tomorrow, the same problems would still exist,” he said.
While acknowledging that HIPAA has had unintended consequences, Gellman defended its good intentions, saying there was a need to stop people such as private investigators and insurance companies from getting patient information.
“HIPAA got a lot of things wrong,” he said, “but it also got a lot of things right.”
Chuck Auten, founder of We Who Care, a group that provides living wills, went even further, calling HIPAA “the greatest thing since peanut butter.” He said any problems the regulation has caused stemmed from misinterpretation.
Auten dazzled some of the less tech-savvy in attendance when he pulled from his wallet a small card, the size of a credit card, that contained a minidisk holding all his pertinent medical information — including his allergies, medical durable power of attorney form and instructions on whom to contact if he should be taken unconscious to a hospital. This raised questions, though, about the hospital’s need to verify the validity of the information on the minidisk.
James Hudnut-Beumler, dean of Vanderbilt Divinity School and an ordained Presbyterian minister, brought an often-overlooked effect of HIPAA to light: how hard it has become for clergy to see members of their congregations in the hospital or even get any information about them. Churches must now be very careful what they reveal about patients to their congregations, particularly in church bulletins, he said.
“It has turned us (clergy) into social engineers,” Hudnut-Beumler said. “It gets hard to do the work that you are supposed to do and that the family expects you to do.”
He proposed a “good Samaritan provision” to apply to HIPAA that would protect medical personnel in the case of “well-intended disclosure,” an idea many attendees received favorably.
One of the most hotly debated topics of the day was privacy — what does it mean and how far should it go?
Peiter Zatko, a computer scientist for BBN Technologies who is better known as Mudge, asked why people register for countless discount cards if they crave privacy so much.
“We’re sending mixed messages about how much we value our privacy,” he said.
The journalists in attendance, representing news outlets large and small, staunchly defended the right of the public to know in response to some who asked why patient medical information was so important.
“Withholding information contributes to inaccurate reports,” said Cindy Allen, editor of the Enid News & Eagle in Enid, Okla. “It doesn’t make us look good.”
Hudnut-Beumler argued that disclosing information benefited not only journalists but the community as well. He stressed that people need to read stories about injuries or deaths in their community and identify with the victims.
“Overall, we’re better off in communities where we die with names,” he said.
The conference also touched on technological challenges concerning information security. Mudge, a hacker who testified before the Senate that he could “take the Internet down in 30 minutes,” said technology would never be able to protect information completely.
“There isn’t a single solution in technology,” he said, “nor will you ever have a single solution.”
In the afternoon, attendees divided into three discussion groups, then reported back to the whole group with their thoughts. They proposed possible solutions to HIPAA problems, including:
- Regularly giving coverage in news outlets to HIPAA-related problems.
- Getting more people to use minidisks like Auten’s to store their medical information for easy access at hospitals.
- Getting lawyers for the news media to draft statements to present to hospitals detailing what information they legally can release.
- Petitioning government officials for change.