Demystifying Medicine One Month at a Time

Category: personal health information (page 2 of 2)

Health Care Privacy Primer

Health Care: Confidential?

What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself, holding such things shameful to be spoken about.                         – oath of Hippocrates, circa 400 B.C.

As part of our initiation into the profession, doctors recite the Hippocratic oath (or often a modernized version). I like to remind myself that the ancient Greeks valued confidentiality as much as we seem to today.

Since 1996, the law known as HIPAA has become paramount in enforcing this Hippocratic ideal here in the U.S. Originally intended to prevent the loss of health insurance due to change of employers, HIPAA has instead become a buzzword for protecting the public from its own medical records.

The law’s implementation demonstrates both sides of the government regulation debate: it came down as an unfunded regulatory mandate, forcing health care providers (especially hospitals) to invest heavily in creating infrastructure that neither delivers care nor brings in revenue in order to achieve compliance with the law. On the other hand, an entire industry and thousands of jobs have been created to administer, police, interpret, and adjudicate the new rules.

Hospitals have offices devoted to banging the drum in the name of protecting patients’ information from prying eyes. You have to wonder: Does any of this work?

One famous paper, citing the fact that no fewer than 75 different people have access to a hospital chart on average, called confidentiality a “decrepit concept.”

With the profusion of electronic medical records, the remnant notion of confidentiality is further challenged. Earlier this month it was discovered that a prestigious West Coast hospital experienced a breach in which more than 20,000 patients had their names and diagnoses publicly viewable on a website for almost one year. Because of incidents like this, the government now tracks these types of breaches in a publicly searchable database.

Take a look and you’ll find that over the last two years alone, more than 11 million people have had private health information exposed.

HIPAA can be fun!

With stakes including huge financial penalties, bad publicity, and the threats of termination (employment, not existence) and/or prison, you can see why hospitals take this stuff seriously. The downside is that it’s become onerous to obtain your own medical records.

Hoops to jump through. Copying costs (really? how about emailing it to me?). Waiting periods (you need this now? Fat chance.).

A friend of mine, recently hospitalized, came to a follow up appointment with her primary care doctor. She informed the medical assistant that she’d like copies of her records from the associated hospitalization. Instant shut down mode: “You’ll have to speak with the doctor about that.”

Actually, um, no. HIPAA was never intended to prevent transmission of records to patients themselves, nor was it intended to block sharing of medical data among care providers. But too often that’s the message health professionals take away from their annual compliance, safety, and HIPAA lectures.

For the intrepid, I challenge you to figure out: What’s been the overall cost of HIPAA implementation? More importantly, has the law accomplished what it was drafted for? After all, it took the passage of Obama’s health care reform bill (PPACA) to ensure that people won’t lose health insurance despite changes in job status. Is HIPAA simply a smorgasbord of unintended consequences?

On the flipside of protecting private health information, what about the public’s right to know about the doctors that they go to? In an unrelated news story, the government yanked the public’s query access to something known as the National Practitioner Data Bank, a 1986 invention that keeps track of misconduct (either intentional or unintentional) by doctors. The Data Bank is used by all states and hospitals with regard to medical licensure and credentialing. Seems like the public has a compelling interest at stake here.

As in the real world, the medical world is locked in eternal an eternal struggle between privacy and transparency.

Soon the day will come when medical documentation shall be composed in plain language rather than jargon, and patients will not only have a right to that documentation, but will receive it at the “point of purhcase.” Eventually this will be a compelling market proposition; in the present, health care remains too local. People are willing to put up with whatever they can get nearby.

Comparison shopping has always been tough in medicine, where pricing is entirely convoluted and people don’t typically have “skin in the game.”

Google Strikes Out

Yeah, that’s right. Google, the fabulously successful internet search giant, has been humbled in at least one market:

Online health records.

Like other tech companies before it, Google has learned the hard way that health care is a behemoth industry that is resistant to change its decades-old practices.

[By old practices I am referring here to health care financing and documentation; I’m not alluding to the pace of actual medical innovation, which seems to occur faster and faster with each passing headline.]

Google started the service, Google Health, in 2008. You can read the bulletin about its demise from the company here.

The idea is simple: Empower patients to upload their own health records online, stored in the “cloud,” so that they can be available anywhere anytime for use by the patient and whomever she chooses–doctor, nurse, specialist, consultant, physical therapist, yoga teacher, etc.

What’s not to like?

For one thing, privacy advocates worried about the security of such records. Libertarians worried about government and/or insurance companies using the records to screen out potentially unhealthy individuals to deny them coverage.

Perhaps the bigger barrier to adoption: inertia. Patients are very used to the idea of the doctor/practice/medical group/hospital keeping the records. It’s tradition, after all. One that’s apparently hard to shake.

As someone who works in this sector, I’ve increasingly come to feel that test results, lab values, even doctors’ notes that involve me should at the very least be shared with me. Freely and openly. Why should I have to jump through so many hoops to obtain them, like the dubious copying charges that health entities set up as a barrier to providing free documentation. Why not offer it all right up–electronically?

I keep an old fashioned paper record of my results. But I’ve never gone to the trouble of scanning the documents or uploading them to a cloud-based service like Google Health or Microsoft’s HealthVault.

Hmmm. I guess I can see why a pretty good idea like personalized online health records hasn’t panned out.

Newer posts »

© 2019 GlassHospital

Theme by Anders NorenUp ↑