HIPAA Doesn’t Exist For Doctors
Recently a very popular colleague of mine was hospitalized. He happened to be hospitalized at the facility where he works and thus you can imagine he was inundated with visitors and friends wanting to wish him well. Unfortunately, the terms of his hospitalization were emergent and thus he did not have a choice in where he went for treatment. His frequent visitors coming into the room began to hamper his recover and his family was forced to try and enforce privacy rules and HIPAA.
This only worked on the surface. When the hospital was called, they did not reveal that my colleague was in the hospital. They also did not reveal his room number. But upon scouring the hospital and connecting with nurses people started locating his room and once again started dropping by unannounced. Imagine the nurses trying to protect the privacy of the patient from a bunch of doctors wearing white coats!
Ultimately, his family insisted on a premature discharge in order to protect their privacy.
What do you do in this situation? Well it turns out that the physician did not want his colleagues to know about the extent of his condition because he planned to return to practice after recovery. Surely one can appreciate the damage rumors can do to a physician? For example, would you go to see a physician if you knew he had a pre-existing medical condition that might affect your treatment or perhaps affect him during a surgical case?
My colleague actually told me that his family had to scold the nurses because his physician friends who were not on the treatment team were perusing his medical record. This is clearly a HIPAA and privacy violation and should not happen.
While this scenario may exist in the case where a celebrity is hospitalized, it is most problematic when a physician is hospitalized. Unfortunately HIPAA applies to the average everday patient but not to doctors in their own hospitals.
JC, MD
Dr. JC is a medical doctor who has a passion for health promotion and education.12 Responses
Was nützen verschlüsselte Daten, wenn Anwälte im Spiel sind?…
Es wäre vermessen, die USA als "Testregion" zu bezeichnen. Immerhin haben sie dort etwas mehr praktische Erfahrung im Umgang mit EMR (hierzlande gern als eEPA bezeichnet) sammeln dürfen. Und soo weit sind wir hierzulande noch gar ni…
[...] Blogger presents HIPAA Doesn’t Exist For Doctors posted at Brain Blogger, saying, “Recently a very popular colleague of mine was hospitalized. [...]
Total Mind and Body Fitness Blog Carnival 68…
Monday is Blog Carnivals Day. A Blog Carnival is basically a collection of articles or blog posts, all relating to a similar subject, that are gathered together for your viewing pleasure. You can quickly and conveniently see a list of Article Titles a…
[...] Blogger presents HIPAA Doesn?t Exist For Doctors an interesting look at trying to preserve a Doctors privacy when admitted to a hospital in [...]
[...] What is a sick physician to do: reveal the extent of his condition to his colleagues and have his practice suffer or keep his condition a secret. Brain Blogger discusses. [...]
Leave a Reply
Popular Posts
- The Love Drug
- Women After Sex
- Fatty Acids and Suicide Risk
- Mind Games - Science's Attempts at Thought Control
- Risks of Personalized Medicine
- Mental Health Disorders Prevalent Among Youth Worldwide
- Is Giftedness Nothing More than Good Genes?
- Behind the Masks - The Mysteries of Dissociative Identity Disorder
- The NeuroSocial Network
- Inside Your Brain on Holiday
Future Posts
- A Nicotine Patch a Day Keeps the Cognitive Impairment Away
Latest Posts
- The Many Emerging Roles of Astrocytes
- Diabetes Impairs Cognition
- Media Violence Leads to Real Violence
- Intelligence – Are You Holding Back Your Brain?
- Childhood Aggression Predicts Health Care Use Later in Life
- The Brain’s Border Patrol – Blood Brain Barrier
- Risks of Personalized Medicine
- BED-head and Obesity – Food for Thought
- Salvia Divinorum – DEA Control over Magic in the Mint
- Mighty Microglia – The Brain’s Immune Cells Key to Treating Brain Diseases
Comments
- Matt: I'm just interested in hearing
- Carla Easley: If everyone adopted the "Growt
- Isabel (retired RN): I second that query for resear
- David: How about some citations to pe
- MrsK: @Dawn - I agree with your stat
- andrew: this is really cool!! i love t
- Dawn: 18. Dawn Says:Wow, some o
- Richard Kensinger, MSW: We understand that there are m
- Lisamarie Antonicelli: In response to Diabetes Impair
- : Hey Gang, There is a wonderfu
- Alexis remm: sorry for the errors
- Alexis remm: Ok both have reason just some
And everyone snooping in on his medical records yet nothing is done. Privacy laws only apply 1st to all celebrities then maybe a few token middle class folks, then finally Doctors.
I hate to tell Hipaa, but the common people and doctors want the same enforcement of the law that is provided for celebrities!
This is infuriating!
Yes HIPAA applies to everyone regardless (doctors, nurses, celebrities, regular patients, homeless, etc. – lets not be melodramatic and make poor generalized claims). Where was the medical director or CEO – he or she could have quickly and efficiently put a stop to the issue. Also, the family should have gotten in touch with the privacy officer or the OCR and file a complaint. It sounds like the hospital needs to be encouraged to better understand and enforce the federal and state laws regarding patient privacy.
The field of infertility treatment is such a privacy-sensitive one that although I am on two medical school faculties, I do not allow regular rotations of residents to my practice as they would likely encounter the many faculty, residents, nurses and med students who come to me for care. Whenever we have a celebrity, we hold a meeting to discuss the serious implications of our staff even sharing with their closest family members the fact that that patient is being seen. We have to bring the patients through the back entrance or see them after hours. It is EXTREMELY difficult keeping a lid on this type of thing, but so far we have not known of any obvious leaks. For non-celebrity patients, we have had a few encounters of neighbors or church acquaintances running into each other in the waiting rooms. Sometimes, they will reluctantly say hi, but there have been times where they just deliberately ignore each other and then later tell me that they know the other patient and would ask to be scheduled at times not to coincide with the other patient. It never took a rigid regulation like HIPAA for us to have these policies in place.
This situation is very unfortunate. HIPAA enforcement in situations such as this are commonly left to the nurses who are taking care of the patient, which is unfair for the nurses and not often helpful for the patients or their families.
The hospital was required to provide a Notice of Privacy Practices to the patient at the time he was admitted, assuming he had not also been admitted previously (i.e., between April 2003 and now). It should have contained the process for him or his designees, in this case his family members, to file a privacy complaint with the hospital. Even if he was admitted emergently, the hospital’s requirement was to get the Notice to him as soon as it was medically practical for them to do so; they could also have provided the Notice to his family members.
The family should have immediately contacted the hospital’s HIPAA Privacy Officer (the hospital is required by statute to have one). If the Privacy Officer did not immediately ensure that the kibosh was put on what was going on, the family should have contacted senior staff (CEO, Sr VPs, etc.) and complained. Of course, they may not have known this if they were never provided with the Notice of Privacy Practices, or didn’t have the time to read it.
The Privacy Officer should have contacted the hospital’s HIPAA Security Officer (again, the hospital is required to have one), who should have immediately started utilizing whatever process the hospital has in place to track hospital system users, so that the snoopers could have been caught in the act and disciplined immediately.
The family have up to six months from the time of the privacy breaches to file an official complaint against the hospital with Health & Human Services, and as a HIPAA patient advocate I strongly encourage them to do so. The process is relatively quick and painless: http://www.hhs.gov/ocr/hipaa — the complaint form can be found on this page. I encourage the author of this blog to follow-up on this with the patient and/or his family. HHS has received 40,000+ privacy complaints since April, 2003, and yet has fined only ONE hospital in 5+ years. Hospitals such as this one will continue to allow patients’ privacy rights to be violated unless and until active complaints are received.
I also encourage the patient or his family members to contact the senior leadership of this hospital and let them know that the family will be filing a complaint with HHS. They should include in the letter their expectation that the hospital will take steps to stop this type of occurrence both with members of its workforce as well as all privileged providers who may or may not be staff members.
I am establishing a patient advocacy practice specifically to deal with HIPAA Privacy & Security issues — for exactly the reasons as stated in this blog — patients and their families do not know their rights regarding their privacy and the security of their healthcare information.
Are you seriously suggesting that a physician has a right to hide the fact that he has a medical condition that might harm a patient during surgery?
The only practical way to stop hospital staff and doctors from seeing records they don’t need to view is with a patient classing system. Some systems allow you to put a patient’s records in a protected class so a special password or authorization level is required to view data for celebrities, medical staff, etc…
Wow! Thank you! I continuously needed to write on my website something like that. Can I implement a portion of your post to my website?