Alex (not his real name) is a 27-year-old male living with HIV. Since his diagnosis he has faced bouts of severe depression. Over time he has come to terms with his condition. Recently he called me to express his frustrations with the HIV clinic where he receives medical care. I was shocked and dismayed by the story he shared with me.
Alex went to see his physician in an HIV clinic operated by the University of California. This clinic provides medical care exclusively to patients with HIV and AIDS and apparently has a standard practice of calling patients to the exam room by their first and last names. On this visit another patient was able to look him up on Facebook in a matter of minutes while still in the waiting room. He quickly discovered where Alex worked and who his friends and family are. Then he did something very despicable: He solicited Alex for a sexual encounter, and when Alex refused, stating that he was in a committed relationship, the other patient threatened to tell everyone on his Facebook page about his HIV status.
Is it reasonable to assume that a patient in a medical clinic that only provides medical care to people with HIV is HIV-positive? Does using the patient's full name violate patient confidentiality and the Health Insurance Portability and Accountability Act (HIPAA) of 1996? The answer may surprise you: No, it does not violate the current HIPAA policy.
When Alex contacted clinic management about the incident, he was told that he could take down his Facebook page. This did not sit well with Alex, so he contacted Marty Block, then a California state assemblyman (D-San Diego) and the chair of the Committee on Higher Education. Block sent a letter to the University of California asking them to review the procedure of using first and last names in the HIV clinic. A letter dated Jan. 17, 2012, that was sent to the University of California read as follows:
According these constituents, the clinic tried a number system; and after receiving a call from another member of the California Assembly the clinic started using first name and first initial of the last name. However in short time, the clinic reverted back to using the full name of the patient in the waiting room.
On one occasion, a patient in the clinic later received a Facebook message asking him for a date. He learned that another patient who was in the waiting room heard his name called and then researched him online learning details of his work, friends and family. I know you can appreciate his feelings, and I am sure you are aware that we have abundant technologically where a first and last name can give you a wealth of detail of any patient in your waiting room.
He is distraught by the incident, and fearful that a failure to change this practice by clinic staff infringes on his or others' right to medical privacy and could allow for wider dissemination of one's status as affected by hepatitis, HIV or AIDS, a natural conclusion given the specific care offered at the clinic.
One might think that the University of California would have immediately changed its current policy to protect patients' identities. Instead, they responded by stating that the patient could take down his Facebook page. They also stated that patients prefer being called by their full name. However, they do give all patients the option of using their first name only, upon request. They went one step further, placing a sign at the check-in counter letting patients know they have an option of what name they wish to be called by.
Alex and the other patients who took the time to speak with me said that they all requested to be called by their first name only, but that when they were called, their full names were used regardless of their expressed wishes.
Medical facilities all over the country are able to create good medical information practices within short periods of time. What I fail to understand is that the University of California regents have had 16 months to think about this, but they still have no compassion for patients living with HIV.
Once again, the University of California is not in violation of any law or HIPAA guidelines, but we might ask ourselves, "Why not?"