By now, most people are aware that they have sacrificed some of their privacy to new technologies that are supposed to make our lives easier. In the face of the coronavirus pandemic, I wondered how much we know about our medical privacy rights.
Among other measures, The Health Insurance Portability and Accountability Act, known as HIPAA, was advertised as a law to protect health records and privacy.
Every time you begin treatment with a new health care provider, they typically present a HIPAA form, which you acknowledge by signing. When they give you the sheet, they tell you that it is for "your privacy." HIPAA forms are like EULAs (end-user license agreements) that we agree to every time we download an app. Few people read EULAs or HIPAA notices. The Department of Health & Human Services (HHS) provides information about the HIPAA rules on its website, https://www.hhs.gov/hipaa/index.html.
I thought HIPAA protects our privacy by requiring that a patient explicitly permit sharing any of their health care information. A careful reading of HIPAA, however, demonstrates the law is less about protecting privacy than giving health care entities the right to exchange personal information without the patient's explicit consent.
HIPAA outlines three ways "covered entities" can exchange information.
First, "covered entities" can exchange information among health care providers to facilitate efficient treatment. This makes sense since it would be time-consuming to contact each patient to get permission every time there was an issue over, say a prescription. A pharmacist may have legitimate concerns that one medication could lead to a dangerous interaction with another prescription. On the other hand, this same clause has the potential for abuse. It can be used to discuss a patient's medications or treatments for less principled reasons.
The second permission to exchange information is any issue related to payment. Insurance companies have the right to review the details of a patient's condition and decide whether their particular plan covers such treatment. Of course, insurance companies need to weed out fraudulent billing and medically unnecessary procedures, but does a faceless bureaucrat have the right to discuss intimate details of a patient's health? Do they know better than a doctor which statin a person with high cholesterol should take?
Finally, the third and potentially most concerning aspect of HIPAA is the sharing of information for "health care operations." This right to share information has allowed states to set up Physician Drug Monitoring Programs (PDMP's). Now that EMR (Electronic Medical Records) is mandatory, electronic prescribing is universal, and the state has easy access to all the prescriptions from every doctor.
PDMPs are administered at the state level to curb prescription drug abuse. There are legitimate concerns about opioids, fentanyl, and other controlled substances. There are large quantities of prescription medications sold on black markets through operations called "pill-mills" and people who go "doctor-shopping." EMR and PDMP make these enterprises more difficult, but they also result in legitimate prescriptions getting flagged.
Perhaps you've experienced this when you needed a pre-approval for a medication? In this scenario, the insurance company is questioning your doctor's judgment. You have to wait for your prescription until your doctor and insurance company connect. At that time, your doctor tells the insurance company, "Yes, I meant to prescribe what I wrote." The insurance company then asks for more information about your condition to determine if they will pay.
PDMP increases the chances of pharmacies or insurance companies flagging a prescription. States monitor many other categories of drugs, including specific statins (cholesterol control medications), beta-blockers, and ACE inhibitors (blood pressure medicines), among others.
The health care provider, whom you trust, and may discuss intimate issues, may be forced to explain your treatment with a bureaucrat who has no business in your health care. They may be discouraged from using a novel treatment that deviates from standard protocols. Your health care decisions will be in the hands of an insurance company's medical director or a panel of physicians who have never met you or understand your unique concerns.
The privacy we believe HIPAA provides our health care records is a myth. Ultimately, we trust all parties to guard and not abuse our personal information. If you can, please discuss HIPAA and what is happening to medical practice today with your health care professional.
Andy Bloom is president of Andy Bloom Communications. He specializes in media training and political communications. He is regarded as one of the leading radio programmers in the country. Andy served as communications director for Rep. Michael R. Turner, R-Ohio. For more information, his website is www.andybloom.com. For more of his reports, Go Here Now.
© 2021 Newsmax. All rights reserved.