December: Medical privacy rules go too far

2003 Columns

The Health Insurance Portability and Accountability Act (HIPAA), federal legislation that aims to protect health information, is blocking access to personal health information that is in the public’s interest.

Health care providers have long disclosed personal health data for purposes of treatment, research, public health initiatives, and insurance reimbursement, to name a few. Increasingly, such data is transmitted in digital form.

To govern such transmissions, and with an eye toward protecting the medical privacy of individuals, Congress created HIPAA, which is now being implemented nationwide. The goal was to restrict access to health information–which it has done, in a major way. Perhaps too major.

In recent months, there have been accounts of how HIPAA rules have resulted in individuals being denied access to even basic information about their loved ones. Health care providers, faced with the prospect of huge fines for noncompliance, have become apprehensive and unwilling to disclose whether a patient has been admitted, much less his or her condition, to clergy, family members, and news reporters–information that once was offered freely.

The Milwaukee Journal Sentinel this August reported on how this rule has made it more difficult for religious leaders to get medical information on members of their congregations. Rabbi Leonard Lewy said three members of a group for Jewish adults with special needs had fallen ill and died in a hospital without anyone even knowing they had been admitted.

Parents have been blocked from learning about health problems affecting their adult children with developmental disabilities. This summer, when a porch collapse at a party in Chicago killed 13 people and injured 57, emergency crews and hospitals would not disclose the information to either the press or even the victims’ relatives.

Jeff Hovind, president of the Wisconsin Freedom of Information Council, tells a story that shows the absurd lengths to which medical professionals are going to avoid running afoul of HIPAA rules. He says that when he accompanied his wife on a medical clinic visit, he was asked to stand out of earshot while she was given directions to the room she was trying to find.

The Waukesha Freeman, where Hovind serves as editor, recently reported about a police officer escorting a prisoner to the hospital for treatment. When the officer asked health professionals where the prisoner was, he was told that HIPAA prevented the disclosure of that information.

Thanks to HIPAA rules, newspapers no longer have automatic access to birth and death announcements, or the conditions of victims and survivors. Nor can they always obtain information on the health conditions of government officials or others in the public eye. Newspapers have even been confounded in trying to get information on health epidemics that affect public safety.

Health information has always been generated, managed and utilized by health care providers, government health organizations, insurance companies and others. We never have had much control over such uses of health information, and HIPAA has not changed that.

Under HIPAA, health data is still shared with doctors, doctors in training, health insurers and workers’ compensation insurers, and, albeit not always with personal identifiers, accreditation and licensing officials, health care administrators, public health officials, health care compliance officers, organ and tissue donation organizations, researchers, coroners, military officials, judges, police and federal intelligence officers.

How is it that a regulation aimed at protecting privacy is applied in such a way that almost every agency you can name has access to your personal health information while your family does not? Why has this regulation been implemented so that vital public health information is no longer available to the public?

HIPAA legislation is undermining one of the very goals it set out to achieve: protect patient health information to cultivate patient-provider trust. A trusting relationship assumes there is a feeling of assurance or confidence between the parties involved. But HIPAA assumes that even people with a legitimate interest in health information cannot be trusted to receive it.

Your Right to Know is a monthly column produced by the Wisconsin Freedom of Information Council, a media group devoted to protecting public access to meetings and records. Kelly Kwiatkowski is communications manager for the Wisconsin Newspaper Association.