Monday, September 1, 2014
Inquirer Daily News

Do federal privacy laws hamper patient safety efforts?

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in part to protect private patient health information from disclosure to unauthorized sources. The confidentiality section of HIPAA provides severe penalties in response to most unauthorized disclosures.

Do federal privacy laws hamper patient safety efforts?

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in part to protect private patient health information from disclosure to unauthorized sources. The confidentiality section of HIPAA provides severe penalties in response to most unauthorized disclosures.

However, the law provides exceptions for disclosing patient health information in certain circumstances, including “to avert serious and imminent threats to health or safety.” But many health care providers are so concerned with the consequences of a HIPAA violation that they are overly cautious and refuse to disclose patient information, even when permitted by an exception.

According to a government memo describing a recent House Energy and Commerce Subcommittee on Oversight and Investigations hearing aimed at exploring “how HIPAA may interfere with patient care and public safety, either through misunderstanding, or proper application, of the law,” some healthcare providers “apply HIPAA regulations overzealously” preventing family members and law enforcement from obtaining needed information.

The memo cited misunderstanding among healthcare providers about HIPAA requirements, the law’s broad discretion for disclosing information, insufficient HIPAA education, and concerns about consequences due to noncompliance as reasons for overly cautious provider behavior.

The HIPAA privacy rule allows providers to share information about patients with their friends and family members involved in their care, for law enforcement purposes, and in the case of a serious threat to health or safety. Furthermore, if a patient is not present or is incapacitated, providers may discuss patient information with family and friends if professional judgment dictates that doing so is in the individual’s best interest.

While providers could be penalized for an impermissible disclosure under HIPAA, there is no penalty for merely refusing to make disclosures permissible under the law. Therefore, many providers believe the best way to avoid penalties is to disclose information as conservatively as possible.

This issue was brought to light when the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) sent a letter to health care providers after the Sandy Hook Elementary shootings making them aware of their ability under HIPAA to disclose information and reminding them of their ethical “duty to warn” when they believe a patient poses a serious and imminent threat to himself or others.

On the other hand, HIPAA privacy protections ensure that confidential information is not released to unauthorized individuals. This privacy protection prevents identity theft and other consequences. If patients are not reassured that their records will be kept confidential, they may refuse treatment out of fear that their records will end up in the wrong hands. This is especially a concern when it comes to mental health records.

State-specific privacy laws further complicate the situation because providers are expected to comply with their individual states’ privacy laws, in addition to HIPAA. This requirement is likely to further discourage providers from disclosing protected health information.

In order to ensure that providers disclose information when appropriate, but keep it confidential when not, it is essential to re-educate providers and provide adequate guidance. While the OCR has provided guidance on this issue, it is not always easily available to providers. A physician’s time is better spent researching upcoming surgeries and procedures than scouring the HHS website looking for answers on whether he can discuss a patient’s care with a particular individual.

HIPAA should enhance, not detract from patient safety. If scare tactics regarding enforcement are resulting in a lack of communication regarding a patient’s care, we must reconsider how we are communicating HIPAA requirements to providers.


From Obamacare to Medicare to managed care, read more of The Field Clinic here >>

About this blog

The Field Clinic reports and analyzes health care laws, government policies, and political trends that are transforming the care we receive and the way we pay for it. Read more about our panel of bloggers here.

This blog is produced in partnership with Kaiser Health News, an editorially independent program of the Henry J. Kaiser Family Foundation, a nonprofit, nonpartisan health-policy research and communication organization not affiliated with Kaiser Permanente. Portions of this blog may also be found on Inquirer.com and in the Inquirer's Sunday Health Section.

Follow the Field Clinic on Twitter.

RSS feed.

Robert I. Field, Ph.D., J.D., M.P.H. Professor, School of Law & Drexel School of Public Health
Jeffrey Brenner, MD Founder of the Camden Coalition of Healthcare Providers, Medical Director of the Urban Health Institute at Cooper University Healthcare
Andy Carter President & CEO, The Hospital & Healthsystem Assoc. of Pa.
Robert B. Doherty Senior Vice President of Governmental Affairs & Public Policy American College of Physicians
David Grande, MD, MPA Assistant Professor of Medicine at the University of Pennsylvania
Tine Hansen-Turton Chief Strategy Officer of Public Health Management Corporation
Drew A. Harris, DPM, MPH Director of Health Policy Program at the Jefferson School of Population Health
Antoinette Kraus Director of the Pennsylvania Health Access Network
Laval Miller-Wilson Executive Director of the Pennsylvania Health Law Project
David B. Nash, MD, MBA Founding Dean of the Jefferson School of Population Health
Mark V. Pauly, Ph.D. Professor of Health Care Management, Business Economics and Public Policy at The Wharton School
Howard J. Peterson, MHA Managing Partner of TRG Healthcare, a national healthcare consulting firm
Donald Schwarz, MD, MPH Deputy Mayor for Health & Opportunity and Health Commissioner for the City of Philadelphia
Paula L. Stillman, MD, MBA Healthcare consultant with special expertise in population health and disease management
Elizabeth A. W. Williams Senior Vice President & Chief Communications Officer for Independence Blue Cross
Krystyna Dereszowska A third-year law student concentrating in health at Drexel
Latest Health Videos
Also on Philly.com:
Stay Connected