HIPAA – A Convenient, but Incorrectly Understood, Law

HIPAA - A Misunderstood Law

In 1996 the US Congress passed and President Bill Clinton signed the Health Insurance Portability and Accountability Act (HIPAA). While the actual reasons for its passage may never be known, the politicians stated reason for passage of this bill was to create safeguards to prevent unauthorized access to patient’s medical records and information.

Unfortunately, no one except lawyers who have studied it in detail understand it all and it appears the medical providers understand it less than almost anyone else.

First off, although the bill itself didn’t state it, HIPAA did not create a cause of action for people to sue their doctors. While most of us in the legal industry believed it did, the courts soon told us, you can’t bring a lawsuit based on HIPAA. Instead, the procedure is to report the violation to various entities who can then choose to sue and can choose to give you a part of any money they collect, but I haven’t heard of them “sharing the wealth” in any cases yet. Note, however, some states do create a cause of action for the release of the records due to state laws, instead of using HIPAA which is a federal law.

Second, I have yet to contact a medical provider who understood the law. It isn’t unusual to try and get a copy of medical records by sending a release of Medical Information form signed by a client only to be told we are required to use that medical provider’s form. HIPAA does not require a specific form, so any authorization can and should be valid for release of medical records or information.

HIPAA is also being used as a scapegoat for things the medical provider just doesn’t want to do or allow you to do. As an example, I went with my adult sons to get vaccinations. I have one son who is prone to passing out from needles. I asked if I could video the shot process, thinking that he might be able to use that to show his personal doctor the reaction and get the anxiety handled. However, the medical provider refused to allow me to video, even though my son was sitting there and gave his permission. When I inquired as to why it wasn’t allowed I was told, “It’s illegal under HIPAA”. Admittedly, I was dressed down that day wearing a pair of hiking pants, boots, a t-shirt, and an old flannel shirt since we were going into some wooded areas after we finished with the shots. The provider must have assumed I didn’t know anything about HIPAA. I informed her I had worked with HIPAA since its inception, kept up to date on any changes, and nowhere in the law did it state a patient couldn’t video. She then said it’s the healthcare provider’s HIPAA rights. Again, I sounded the buzzer and told her it didn’t apply there either and I offered to pull the law up on my mobile phone and allow her to show me the part she was referring to. She declined. After about 15-20 minutes of the back and forth, she finally conceded it was against their policy, “because it can be used as evidence in case we get sued.” I agreed with her that was the real reason.

That was just a couple of examples where the providers are either lying to the patients to either save time or cover their rears, or they are terribly misinformed and shouldn’t be addressing the issues at all.

A patient can choose to file a complaint with the state licensing board(s), as well as the other governmental agencies if a provider chooses not to cooperate with a patient and cites HIPAA to justify their actions or inactions.

Regardless, HIPAA is not a “catch all” law. It was designed with a very specific purpose with the primary goal being to protect the patients, not make it easier for the medical provider to ignore patient requests.

Below is a link to the actual HIPAA language and other information from the Department of Health and Human Services (DHHS) website. The DHHS is the government entity which oversees HIPAA. It is organized well although like most government websites and laws, the language can be a little hard to follow:

https://www.hhs.gov/hipaa/index.html

Here is a good link to the CDC website which offers a quick rundown of HIPAA:

https://www.cdc.gov/phlp/publications/topic/hipaa.html

Leave a Reply