I just finished my required training about the protection of patient privacy. Every employee of New York University Langone Medical Center must take an online course and pass an admittedly not very difficult quiz as to our duties regarding patient privacy. All other American medical centers have the same requirement. I passed my quiz. But, despite my certification, I think the effort to protect privacy in health care is a lost cause. It is time to admit that privacy in health care is dead. Confessing that privacy has passed on, while reporting a death is often very sad, has many benefits. Not only is the continued effort to ensure privacy protection futile, it costs a lot of time and money, undermines trust in the health care system, causes confusion that interferes with family needs and, most importantly, likely gets in the way of giving greater benefit to the sick, soon to be sick and those who are not yet born but who will also become ill.
Much of the required teaching in the United States about privacy involves learning a bit about the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Federal Office for Civil Rights of the Department of Health and Human Services enforces the law that protects the privacy of health information that could identify a particular patient such as addresses, phone numbers, email address and medical record numbers. I know from my training that hospitals and health care institutions must report any breach of information going to someone not providing care to a patient or paying for that care.