Are providers focusing on the right HIPAA precautions?

The New York Times recently published a column highlighting the difficulties many people encounter when trying to learn about—or even discuss—the health status of a friend or loved one. Among the examples cited by the article were:

  • A retirement community refusing to tell a resident what had become of her missing neighbor
  • A woman being admonished by a stranger for discussing her husband’s cancer treatment in a hospital café
  • An ER refusing to take a phone call from an 85-year-old patient’s daughter in which the daughter was attempting to share important information about her mother’s medical history

In each of these instances, the same reason was used to justify the tight-lipped policy: HIPAA. But as the Times article points out, these are examples of the widespread misinterpretation of the law. While in some settings, HIPAA has morphed into a “code of silence” that can prevent even common-sense sharing of information, the law as written “strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing.”

As recent data breaches have shown, the risk of a major HIPAA violation likely relates more to digital information than to personal conversations. These breaches put patients at risk of identity theft in addition to exposing their private health information, and millions of records can be exposed in a single incident.

What’s the takeaway for healthcare providers? In many offices, there may be a greater need to emphasize digital security than to forbid staff members from sharing basic information with patients’ friends or family.