Keeping Patients’ Details Private, Even From Kin | NYT | 7.3.07
HIPAA was designed to allow Americans to take their health insurance coverage with them when they changed jobs, with provisions to keep medical information confidential. But new studies have found that some health care providers apply HIPAA regulations overzealously, leaving family members, caretakers, public health and law enforcement authorities stymied in their efforts to get information.
Experts say many providers do not understand the law, have not trained their staff members to apply it judiciously, or are fearful of the threat of fines and jail terms — although no penalty has been levied in four years.
Medical professionals can talk freely to family and friends, unless the patient objects. No signed authorization is necessary and the person receiving the information need not have the legal standing of, say, a health care proxy or power of attorney. As for public health authorities or those investigating crimes like child abuse, HIPAA defers to state laws, which often, though not always, require such disclosure. Medical workers may not reveal confidential information about a patient or case to reporters, but they can discuss general health issues.
It should come as no surprise that HIPAA has followed its fellow beast, EMTALA, down the unintended path.

2 Comments
It has to be said that until today, in 2007, many healthcare organizations are unaware of what exactly the HIPAA rules and regulations are and/or they don’t want to invest their money to get HIPAA compliant. With the growing incidence of privacy breaches, the compliance authorities need to put more effort into bringing awareness about HIPAA compliance and should try to make it easy and cost effective for organizations to get HIPAA compliant. Very recently I came across one tool which I really find helpful. This tool will help many organizations with multitask compliance achievement. A crosswalk between different regulations poster from Symantec is a very useful tool. This poster is a crosswalk between: Sarbanes Oxley, HIPAA, Payment Card Industry (PCI), GLBA, NERC standards CIP and PIPEDA (Canada) http://www.compliancehome.com/symantec/