What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself, holding such things shameful to be spoken about. – oath of Hippocrates, circa 400 B.C.
As part of our initiation into the profession, doctors recite the Hippocratic oath (or often a modernized version). I like to remind myself that the ancient Greeks valued confidentiality as much as we seem to today.
Since 1996, the law known as HIPAA has become paramount in enforcing this Hippocratic ideal here in the U.S. Originally intended to prevent the loss of health insurance due to change of employers, HIPAA has instead become a buzzword for protecting the public from its own medical records.
The law’s implementation demonstrates both sides of the government regulation debate: it came down as an unfunded regulatory mandate, forcing health care providers (especially hospitals) to invest heavily in creating infrastructure that neither delivers care nor brings in revenue in order to achieve compliance with the law. On the other hand, an entire industry and thousands of jobs have been created to administer, police, interpret, and adjudicate the new rules.
Hospitals have offices devoted to banging the drum in the name of protecting patients’ information from prying eyes. You have to wonder: Does any of this work?
One famous paper, citing the fact that no fewer than 75 different people have access to a hospital chart on average, called confidentiality a “decrepit concept.”
With the profusion of electronic medical records, the remnant notion of confidentiality is further challenged. Earlier this month it was discovered that a prestigious West Coast hospital experienced a breach in which more than 20,000 patients had their names and diagnoses publicly viewable on a website for almost one year. Because of incidents like this, the government now tracks these types of breaches in a publicly searchable database.
Take a look and you’ll find that over the last two years alone, more than 11 million people have had private health information exposed.
With stakes including huge financial penalties, bad publicity, and the threats of termination (employment, not existence) and/or prison, you can see why hospitals take this stuff seriously. The downside is that it’s become onerous to obtain your own medical records.
Hoops to jump through. Copying costs (really? how about emailing it to me?). Waiting periods (you need this now? Fat chance.).
A friend of mine, recently hospitalized, came to a follow up appointment with her primary care doctor. She informed the medical assistant that she’d like copies of her records from the associated hospitalization. Instant shut down mode: “You’ll have to speak with the doctor about that.”
Actually, um, no. HIPAA was never intended to prevent transmission of records to patients themselves, nor was it intended to block sharing of medical data among care providers. But too often that’s the message health professionals take away from their annual compliance, safety, and HIPAA lectures.
For the intrepid, I challenge you to figure out: What’s been the overall cost of HIPAA implementation? More importantly, has the law accomplished what it was drafted for? After all, it took the passage of Obama’s health care reform bill (PPACA) to ensure that people won’t lose health insurance despite changes in job status. Is HIPAA simply a smorgasbord of unintended consequences?
On the flipside of protecting private health information, what about the public’s right to know about the doctors that they go to? In an unrelated news story, the government yanked the public’s query access to something known as the National Practitioner Data Bank, a 1986 invention that keeps track of misconduct (either intentional or unintentional) by doctors. The Data Bank is used by all states and hospitals with regard to medical licensure and credentialing. Seems like the public has a compelling interest at stake here.
As in the real world, the medical world is locked in eternal an eternal struggle between privacy and transparency.
Soon the day will come when medical documentation shall be composed in plain language rather than jargon, and patients will not only have a right to that documentation, but will receive it at the “point of purhcase.” Eventually this will be a compelling market proposition; in the present, health care remains too local. People are willing to put up with whatever they can get nearby.
Comparison shopping has always been tough in medicine, where pricing is entirely convoluted and people don’t typically have “skin in the game.”