HIPAA Misinterpretations

The Healthcare Information Portability & Accountability Act (HIPAA) has had a sweeping impact on health care professional practice.

HIPAA, the federal privacy regulation designed to protect health care information, has been in force for more than 16 years, yet it is still sometimes misinterpreted. 

In A Privacy Law Misinterpreted, Paula Span, author of the New Old Age blog in the New York Times, chronicles one woman’s experience with misguided HIPAA practices.

Carol Levine accompanied her sister to the hospital in an emergency, and even though her sister was “actively requesting” Carol’s presence, an emergency room stopnurse “refused to allow Ms. Levine to accompany the patient ‘because of HIPAA.’”

According to the blog post, “the law doesn’t prevent health care professionals from sharing relevant information with family members unless the patient specifically objects.” The post continues that professionals sometimes cite HIPAA to restrict information to friends and family, and it has even been used to prevent patients from accessing their own health records.

So how can you avoid these misinterpretations? Here’s what professionals need to know (and there’s more available from the United Hospital Fund, which by the way, Carol Levine heads up) and the federal Department of Health & Human Services.

• HIPAA protects the patient and the patient’s information, not the institution or the provider.

• Patients can informally (no written document needed, though providers may request written documentation) agree to share their information with family, friends and anyone they choose. So a patient can simply say: “I want you to talk to Jerry when he shows up.” That’s enough.

• The act does NOT limit disclosure just to next of kin or a health care proxy/agent.

• If a patient is incapacitated (i.e., unconscious), the provider may use their own professional judgment to provide information to family and friends, if it is determined to be in the best interest of the patient. After all, Span points out in her post, “our system assumes [family members] will take responsibility for their ailing or disabled relatives . . . and need to know what is happening, what the patient’s options are.”

• If a patient specifically requests that information NOT be shared with someone, then the provider is bound to withhold information from that individual.

• Providers can share information with other providers (i.e., physicians, skilled nursing facilities, home care agencies, etc.) as part of coordinating the patient’s care. This is considered good care, and is not restricted by HIPAA.

Decision Health Daily has also posted some updated resources for HIPAA available for providers and consumers.