The Blog

Shoot HIPAA the Hippo

It is impossible to be in compliance both with HIPAA and the Patriot Act
This post was published on the now-closed HuffPost Contributor platform. Contributors control their own work and posted freely to our site. If you need to flag this entry as abusive, send us an email.

If you work in healthcare, the initials HIPAA make you gag. If you are not in healthcare, you are probably unaware of this 2000-pound hippopotamus that you are supporting.

HIPAA stands for Health Insurance Portability and Accountability Act (of 1998). In the early 1990s, there was extensive corporate downsizing, reductions in force (RIF) were common events, and people lost their insurance along with their jobs. The initiating stimulus for this legislation was to make insurance portable, hence the "P" in HIPAA: you could take your insurance with you when you left your job. Gradually, the transfer of medical information became the focus. In this time of the Patriot Act, confidentiality and security were (and remain) king. Eventually, the original problem of loss of medical insurance was completely "lost" and forgotten.

HIPAA now sets forth guidelines about protection of personal medical data. It hints at dire consequences if medical confidentiality is broached. HIPAA produces defensive behaviors by both individuals and institutions to avoid governmental wrath. Examples include the following.
• Shields in your dentist's office prevent you from seeing the computer screen.
• Hospitals charts have no names on outside.
• Each year, millions of useless hours are spent doing HIPAA Compliance Training.
• I am prohibited from emailing medical information to a colleague, any colleague.
• It is impossible to be in compliance both with HIPAA and the Patriot Act.

In a contest between sharing medical information, and (supposed) protection of medical confidentiality, the latter has won hands down. Every hospital lawyer and a host of regulations make it difficult-to-impossible to do something that should be free, easy and encouraged: communication between medical caregivers.

What about the cost? The direct financial cost is in the hundreds of millions of dollars each year. No one has a clue about the indirect costs, such as errors because of confused or incomplete communication; inability to learn because information is sequestered; and lawsuits either for releasing protected information or for NOT releasing needed information. Guess who pays for HIPAA the hippo. You do. What do you get for all the money, mistakes, hassle and frustration?

We all know how hard it is to reverse a decision that has already been implemented. This is particularly true of Congressional Acts, which seem to be unkillable. Nonetheless, if there ever was law that needs to go away, that has proven to have a huge cost - in money and system disruption - for virtually no gain to anyone, it is the Health Insurance Portability and Accountability Act. Shoot HIPAA the hippo.

Before You Go

Popular in the Community