A little privacy, please

Back in the day, this newspaper (and plenty of others) used to publish a daily list of hospital admissions and discharges. It had high readership. If it was omitted, which occasionally happened, we could usually count on at least one phone call from a reader, wondering why the “hospital notes,” as they were called, weren’t in the paper.

Over time, though, fewer and fewer hospital patients opted to have their name released. The list got shorter and shorter. By the time we discontinued the practice of publishing it a few years ago, it had more or less lost its newsworthiness.

Even before HIPAA, the Health Insurance Portability and Accountability Act of 1996, came along, health care was evolving toward greater privacy protections for patients. This wasn’t just an industry trend. Expectations of privacy were increasing among the public as well.

In our tell-all age of Twitter and Facebook, it seems counterintuitive that people would want to keep some things private – but when it comes to their health care information, most people are more sensitive about who gets to see it. It’s one thing for them to choose to share their personal stories on their own website or blog, or show a video of their gall bladder surgery at a dinner party. It’s another matter altogether for someone else to go ahead and share it without their consent, especially if the unauthorized sharing is done by someone entrusted with their health care.

The ease with which information can be transmitted electronically has upped the ante considerably. It was inevitable, I guess, that tighter patient privacy regulations would be enacted sooner or later.

HIPAA was a big deal for health care organizations to implement. Now, it has become such a permanent part of the landscape that it’s easy to forget the rules really haven’t been around all that long. It was seven years ago last week that the privacy regulations went into effect, and five years ago this week that the security rules took effect.

It’s interesting to get a behind-the-scenes glimpse of what hospitals must do in order to ensure the privacy and security of patients’ health information. At Rice Memorial Hospital here in Willmar, all staff and volunteers are required to undergo HIPAA training during their orientation and to complete refresher courses as well. Computer access to information is controlled through passwords, filters and user authorization. Audits are conducted on a regular basis. Very few breaches have been reported, so apparently it’s working. And according to hospital officials, both the staff and the public have become much more conscious of privacy since HIPAA went into effect.

HIPAA tends to get a bad rap for being overly burdensome. To be sure, the law is lumbered with a ton of paperwork and requirements. But you don’t have to look far to find examples of why we need it – such as the case of the ULCA Medical Center worker who inappropriately snooped through the late Farrah Fawcett’s medical file. And it’s not only celebrities who can be targets; ordinary patients are vulnerable too, as this case report from the Agency for Healthcare Research and Quality demonstrates. To say the gossip was embarrassing to this patient is an understatement.

Confidentiality has traditionally been more engrained in health care than in other industries. But health care also has had a long history of compromising patient privacy on a daily basis. For the most part it has been done unthinkingly rather than deliberately – a case of “this is just how we do things.”

If you ask patients, most would say the heightened awareness of their privacy has been welcome. Most patients don’t really want to share their hospital room with a stranger – or worse yet, be hospitalized in an open ward. They’d rather not be treated in an open bay in the emergency room. They don’t necessarily want to announce to the whole world that they’re in the hospital or why they needed surgery. They don’t like being rolled on a gurney down a hallway shared by the public. They’re uncomfortable with everyone at their clinic or hospital having access to their latest test results or mental status exam.

HIPAA may be cumbersome. It has been neither easy nor cheap for health care organizations to implement. But there’s a reason why the law was enacted, and it’s for the better that these regulations exist.

Leave a Reply

Your email address will not be published. Required fields are marked *