HIPAA Doesn’t Exist For Doctors

Recently a very popular colleague of mine was hospitalized. He happened to be hospitalized at the facility where he works and thus you can imagine he was inundated with visitors and friends wanting to wish him well. Unfortunately, the terms of his hospitalization were emergent and thus he did not have a choice in where he went for treatment. His frequent visitors coming into the room began to hamper his recover and his family was forced to try and enforce privacy rules and HIPAA.

This only worked on the surface. When the hospital was called, they did not reveal that my colleague was in the hospital. They also did not reveal his room number. But upon scouring the hospital and connecting with nurses people started locating his room and once again started dropping by unannounced. Imagine the nurses trying to protect the privacy of the patient from a bunch of doctors wearing white coats!

HospitalUltimately, his family insisted on a premature discharge in order to protect their privacy.

What do you do in this situation? Well it turns out that the physician did not want his colleagues to know about the extent of his condition because he planned to return to practice after recovery. Surely one can appreciate the damage rumors can do to a physician? For example, would you go to see a physician if you knew he had a pre-existing medical condition that might affect your treatment or perhaps affect him during a surgical case?

My colleague actually told me that his family had to scold the nurses because his physician friends who were not on the treatment team were perusing his medical record. This is clearly a HIPAA and privacy violation and should not happen.

While this scenario may exist in the case where a celebrity is hospitalized, it is most problematic when a physician is hospitalized. Unfortunately HIPAA applies to the average everday patient but not to doctors in their own hospitals.

  • Jake

    And everyone snooping in on his medical records yet nothing is done. Privacy laws only apply 1st to all celebrities then maybe a few token middle class folks, then finally Doctors.

    I hate to tell Hipaa, but the common people and doctors want the same enforcement of the law that is provided for celebrities!

    This is infuriating!

  • FYI

    Yes HIPAA applies to everyone regardless (doctors, nurses, celebrities, regular patients, homeless, etc. – lets not be melodramatic and make poor generalized claims). Where was the medical director or CEO – he or she could have quickly and efficiently put a stop to the issue. Also, the family should have gotten in touch with the privacy officer or the OCR and file a complaint. It sounds like the hospital needs to be encouraged to better understand and enforce the federal and state laws regarding patient privacy.

  • The field of infertility treatment is such a privacy-sensitive one that although I am on two medical school faculties, I do not allow regular rotations of residents to my practice as they would likely encounter the many faculty, residents, nurses and med students who come to me for care. Whenever we have a celebrity, we hold a meeting to discuss the serious implications of our staff even sharing with their closest family members the fact that that patient is being seen. We have to bring the patients through the back entrance or see them after hours. It is EXTREMELY difficult keeping a lid on this type of thing, but so far we have not known of any obvious leaks. For non-celebrity patients, we have had a few encounters of neighbors or church acquaintances running into each other in the waiting rooms. Sometimes, they will reluctantly say hi, but there have been times where they just deliberately ignore each other and then later tell me that they know the other patient and would ask to be scheduled at times not to coincide with the other patient. It never took a rigid regulation like HIPAA for us to have these policies in place.

  • This situation is very unfortunate. HIPAA enforcement in situations such as this are commonly left to the nurses who are taking care of the patient, which is unfair for the nurses and not often helpful for the patients or their families.

    The hospital was required to provide a Notice of Privacy Practices to the patient at the time he was admitted, assuming he had not also been admitted previously (i.e., between April 2003 and now). It should have contained the process for him or his designees, in this case his family members, to file a privacy complaint with the hospital. Even if he was admitted emergently, the hospital’s requirement was to get the Notice to him as soon as it was medically practical for them to do so; they could also have provided the Notice to his family members.

    The family should have immediately contacted the hospital’s HIPAA Privacy Officer (the hospital is required by statute to have one). If the Privacy Officer did not immediately ensure that the kibosh was put on what was going on, the family should have contacted senior staff (CEO, Sr VPs, etc.) and complained. Of course, they may not have known this if they were never provided with the Notice of Privacy Practices, or didn’t have the time to read it.

    The Privacy Officer should have contacted the hospital’s HIPAA Security Officer (again, the hospital is required to have one), who should have immediately started utilizing whatever process the hospital has in place to track hospital system users, so that the snoopers could have been caught in the act and disciplined immediately.

    The family have up to six months from the time of the privacy breaches to file an official complaint against the hospital with Health & Human Services, and as a HIPAA patient advocate I strongly encourage them to do so. The process is relatively quick and painless: http://www.hhs.gov/ocr/hipaa — the complaint form can be found on this page. I encourage the author of this blog to follow-up on this with the patient and/or his family. HHS has received 40,000+ privacy complaints since April, 2003, and yet has fined only ONE hospital in 5+ years. Hospitals such as this one will continue to allow patients’ privacy rights to be violated unless and until active complaints are received.

    I also encourage the patient or his family members to contact the senior leadership of this hospital and let them know that the family will be filing a complaint with HHS. They should include in the letter their expectation that the hospital will take steps to stop this type of occurrence both with members of its workforce as well as all privileged providers who may or may not be staff members.

    I am establishing a patient advocacy practice specifically to deal with HIPAA Privacy & Security issues — for exactly the reasons as stated in this blog — patients and their families do not know their rights regarding their privacy and the security of their healthcare information.

  • Ailan Medici

    For example, would you go to see a physician if you knew he had a pre-existing medical condition that might affect your treatment or perhaps affect him during a surgical case?

    Are you seriously suggesting that a physician has a right to hide the fact that he has a medical condition that might harm a patient during surgery?

  • Pingback: Die Krankheitskarte()

  • Pingback: Carnival of Healing #156 |()

  • Pingback: FitBuff.com's Total Mind and Body Fitness Blog()

  • Pingback: The 157th Carnival of Healing()

  • Pingback: Healthcare Economist · 700 billion reasons to read the Health Wonk Review()

  • The only practical way to stop hospital staff and doctors from seeing records they don’t need to view is with a patient classing system. Some systems allow you to put a patient’s records in a protected class so a special password or authorization level is required to view data for celebrities, medical staff, etc…

  • Wow! Thank you! I continuously needed to write on my website something like that. Can I implement a portion of your post to my website?


Dr. JC is a medical doctor who has a passion for health promotion and education.

See All Posts By The Author

Do not miss out ever again. Subscribe to get our newsletter delivered to your inbox a few times a month.