Wednesday, August 29, 2012
HIPAA attack!
I feel like HIPAA alternates between going too far and being totally disregarded.
When I was a med student, they suddenly started to get incredibly strict about HIPAA, and I felt it was to the detriment of patient care. For example, you were suddenly no longer allowed to have any patient information on the computers (i.e. for a signout sheet), even if it was under your own login which nobody else had access to. We could use an ID number to identify the patient, but not their name.
We argued about this with the powers that be, saying, "Well, why is that any worse than just carrying around a piece of paper with the patient's name and medical information on it?"
Their reply? "You're not allowed to do that either."
So basically, they were saying that we were not allowed to carry or have on the computer any information linking the patient's name to their medical information. And I can see how that totally protects the patient from anyone learning any medical information about them. It also protects them from being treated properly.
For example, humans are prone to error, and I think it's a great way to make an error if you're not allowed to use the patient's name on any sign-out sheets. It seems almost impossible not to make a mistake in that situation.
In other HIPAA-protection efforts, I've seen hospitals that only referred to patients by their first names or by their room numbers. Again, this provides an increased probability of error. In the first case, because first names are generally more common than last names so it's easier to mix up two patients, and in the second case, because patients frequently change rooms.
On the other side of things, it's actually very easy to get medical information on a patient despite HIPAA. When I get a new patient, I'll frequently call their PCP or the hospitalist that saw them before me, and they're only too happy to tell me absolutely everything about the patient without my giving any proof of who I am. Of course, it makes my life easier that I don't have to sign some release before they're willing to talk to me, but it also always makes me a little uneasy.
And I don't know if this is a HIPAA violation, but one thing that really irritates me is that when I go to the doctor, and the nurse calls out my first and last name in the waiting room. That happens all the time.
Subscribe to:
Post Comments (Atom)
If someone calls and impersonates a physician to get medical information, then that person violated HIPAA, not the physician who communicated the information to another (supposed) physician for the sake of patient care. Physician to physician communication is allowed (if it is for the care of the patient).
ReplyDeleteAlso, saying someone's name in a waiting room does not communicate any medical information, so it is not a HIPAA violation.
If they said, "Fizzy, time to come on back so we can check on that roaring case of _____", then that would be different. :)
I know it don't officially violate HIPAA, but it still feels like a violation if I'm in the waiting room of a specialist.
DeleteAnd I know physician to physician communication is allowed, but in terms of actually protecting information, but it definitely seems like an easy way for patient info to accidentally get leaked.
If you're at a specialist, it is a violation.
DeleteI used to see this OB-GYN that had a sign-in sheet for patients to sign when they came in, and a note on it that said "Do not look at other patients' appointment times as it is a violation of HIPAA." ... *scratches head*. I'm pretty sure patients can't violate HIPAA. If the office really thinks that disclosing appointment times (apparently it's okay to look at names) is a HIPAA violation, they need to change THEIR processes.
I understand what HIPAA tries to accomplish, but when it comes down to it I see it as only putting a Band-aid on the real problem which is the stigma that society attaches to diseases. Instead of actually educating people and trying to advance the way we see illness and how it affects individual we instead do the opposite and just say "Don't talk about it! If you do you'll get it trouble!"
ReplyDeleteTrue, especially with diseases like HIV. Of course, even if the irrational stigma was totally gone, I wouldn't want my providers to casually throw around my health information, because some people will judge you for things that are just factual. Like if I have an aneurism that hasn't ruptured yet, they might assume that I *could* die sooner than their other employees, and that would be a rational assumption. (Forgive me if that example doesn't work -- I'm only 1/4th of the way through medical school!)
Deleteno. the issue is less the stigma of any disease, than the accumulation of gigantic personal patient databases for the profit of employers, insurance companies, and big pharma.
ReplyDeleteI did one of my nursing clinicals in a small community hospital. Attendings would wander onto the unit in street clothes, no badge, etc. I was basically handing over patient charts to random people who asked "Do you have Mr. Z's chart?"
ReplyDeleteI work at a large teaching hospital now. At least the docs wander around in flocks and you can count on a couple wearing white coats.
Non-medical person here: I always wondered from what or whom HIPAA was protecting patients. In my admittedly limited experience, it seems to be applied arbitrarily and randomly. I recall cooling my heels in the ER waiting for my ALZ mother's test results to come back, and being pelted with text messages from her interfering babysitter. I either ignored the messages or texted back "I said I'd let you know if anything turns up." That annoyed her so she showed up in the ER, despite being told to stay home, marched up to the nurses station and demanded to know what tests they had run, what for, and what results had come back. And the nurses told her without even verifying who she was. No, I didn't fault the nurses. I fired the babysitter.
ReplyDeleteHow exactly are you supposed to work on an inpatient unit or consult service without carrying around a patient list? It's impossible.
ReplyDeleteMy pet peeves:
ReplyDelete1. going to blood lab and being told to sign in on a sign-in sheet that has your and everyone else's first and last name on it.
2. going to the pharmacy and being able to read all the details of the filled prescriptions. Because they sit in bins RIGHT in front of the registers.
At my pharmacy there is no information about the prescription on the front of the bag, for that reason. If your eyesight is good enough to read the bags from your spot at the counter, you can tell that Lizzie Jones has a prescription ready, but not what it is.
DeleteI am not a doc but a PRN therapist, so when I get to work someone has usually already made my schedule for me. At one of my sites, the therapists only refer to patients by room number, so my schedule reads: 9:00 132, 10:00 124, etc. This is ridiculous.
ReplyDeleteWhat's the first thing I do? I look it all up in computer and write out all the names next to the times, BECAUSE IT IS MORE IMPORTANT TO TREAT THE RIGHT PATIENT than to risk that someone might see my piece of paper and realize that (*gasp*) Mr. Smith is scheduled for therapy in a REHAB HOSPITAL.
What do you think is the most discrete way of calling in patients from a waiting room, that is also respectful? Firstname? Mr./Ms. Lastname? Firstname Lastname?
ReplyDelete