THCB

Dear HIPAA: It’s Time to Decide Who You Want To Be

Dear HIPAA:

I’m sure you get a lot of hate mail, especially from folks in my profession, so when you got this letter from me you probably assumed it was more of the same. Let me reassure you: I am not one of those docs. I do think patient privacy is important, and actually found you quite useful when facing unwanted probing questions from family members. I believe the only way for patients to really open up to docs like me is to have a culture of respect for privacy, and you are a large part of that trust I can enjoy. Yeah, there was trust before you were around, but that was before the internet, and before people used words like “social media,” and “data mining.”

But there have been things done in your name that I’ve recently come in contact with that make me conclude that either A: you are very much misunderstood, or B: you have a really dark side.

The first situation has to do with my newfound infatuation with communication in health care. I believe that the tools afforded by the internet tubes could really change care for the better; in fact, I think they could allow systems of care that could totally disrupt our malignant sick-care, cash-care system. I’ve found ways to communicate that you would approve of and have shared them with my patients. They love it. They love to connect with me while they have problems instead of paying for a visit and waiting in the office for a few hours for my help. It’s been really fun to see their enthusiasm.

So what’s the problem? It’s the doctors. Even though this communication system would allow them to give better care, allow us to collaborate without hassle, and bring back some of that “doctor’s dining room” collegiality we’ve lost, these doctors are afraid to use it. No, they are terrified. Asking them for their email address is taken to be as brash as asking for their credit card number or their wife’s cell phone number. I can see it on their faces: they picture headlines about doctors being sued millions for stolen laptops with patient files on them. They hear the ravings at conferences warning against the use of email for patient communication and the perils of using social media. They see me as a temptress trying to lure them into the dangerous online neighborhood, full of federal agents waiting to pounce, lawyers eager to sue, and journalists anxious to put their photo on the front page of the paper. OK, well, maybe the electronic version of the paper, but I was using a figure of speech. Nobody reads the paper version any more.

The point is, my patients are getting worse care because of this fear. I can’t send a message to consultants explaining why I am sending them the patient, so they make a guess and order extra tests. I can’t put my thoughts together with a colleague on a mutual patient with a difficult problem. All I get are forms to be filled out and faxed (although who knows where that fax as been?) and faxed notes with bits of information hidden under layer upon layer of E/M coding bubble-wrap. It’s worthless. It’s not communication at all, and it hurts my patients.

The second circumstance is more personal. When I got the boo…left my practice last fall, I left behind 18 years worth of patient records. Those are records documenting my decisions, my though processes, and my care of my patients. Sure, they weren’t the prettiest notes around, but they represented a lot of thought and care. As I was heading out on my last day at the practice I was notified that, upon leaving, I would not have access to these records. It seems that, despite the fact that these are records I personally wrote about my own interaction with my patients, I would be violating you if I looked at them. This information is the property of the practice, and allowing someone who was no longer a member of that practice to view them would bring down swat teams of federal agents within seconds. This, at least, was the opinion of the practice’s legal counsel.

Having just gone through a divorce, I had no desire to argue with my ex’s lawyer, so I took it like a soldier. I figured I’d just get information sent to me when I needed it. In fact, I came upon another very secure solution to make this process easy and efficient. But alas, the ex wanted nothing to do with my newfangled way of doing things, instead resorting to the high-risk behavior of faxing records (who knows where those fax machines have been?). As fate would have it, our faxes didn’t get along well, causing them to inundate me with duplicate faxes, a veritable Torrent of TIF’s, a plethora of PDF’s. This has made it next to impossible to get records on my patients, making care of them much, much harder. These are not just any records, they are my records of my care for my patients!

Say it ain’t so, HIPAA!

Do you really keep doctors from their records? Do you really keep patients from good care? Or is this simply a culture of paranoia that has propagated on ignorant doctors by fear-mongering lawyers, lecturers, and office administrators happy for the chance to intimidate the consumate intimidators? Yes, flaunting medical records to anyone who throws you beads is a bad practice that will lead to regret in the morning, but preventing communication kills. I thought better of you. I thought you were there to protect people from careless talk, from snooping employers, and from front-office gossips.

So, I ask, is it you or is it those who wish to slander your name? Are you a tool to protect, or are you a gag in the mouth of good care?

I anxiously await your reply.

Dr. Rob

Rob Lamberts, MD, is a primary care physician practicing somewhere in the southeastern United States. He blogs regularly at More Musings (of a Distractible Kind),where this post first appeared. For some strange reason, he is often stopped by strangers on the street who mistake him for former Atlanta Braves star John Smoltz and ask “Hey, are you John Smoltz?” He is not John Smoltz. He is not a former major league baseball player. He is a primary care physician.

Livongo’s Post Ad Banner 728*90

14
Leave a Reply

10 Comment threads
4 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
12 Comment authors
サングラス レディースPeter BachmanLynn in SCArt GrossMighty Casey Recent comment authors
newest oldest most voted
サングラス レディース
Guest

2014新作N級スーパーコピーマフラー、スカーフ、大判ストール専売店.ケンゾースーパーコピーマフラー:http://www.cheapscarfcopy.com/cs-kenzo.html ロベルトカヴァリスーパーコピーマフラー:http://www.cheapscarfcopy.com/cs-roberto_cavalli.html サングラススーパーコピー,サングラス レディース:http://www.cheapscarfcopy.com/cs-sunglasses.html

Peter Bachman
Guest
Peter Bachman

Nicely put Art, everything is in place to do secure encrypted email with attached encrypted files from any point in the Healthcare system to any other point. We also do patient referrals, EHR to EHR connectivity, with the same technology. I did attempt to get the EHR system that my doctor uses to communicate via encrypted mail instead of a web portal, which I don’t find very useful, and in this case the provider clearly refused, not because there was any HIPAA concern, but due to a contract they had signed with the EHR provider that did the portal. Today… Read more »

Lynn in SC
Guest
Lynn in SC

Welcome to the Twilight Zone of health care information. I believe your former practice is simply denying you access to punish you for leaving because they can. State medical practice act generally define who owns the medical records for patients. In SC another practice can request a summary by mail or fax for free, but if a patient requests the file they are charged a photocopy fee of about a $1 per page. Just another hassle barrier for patients who have the audacity to exercise choice. I encourage folks to maintain their own health records and record as much information… Read more »

Art Gross
Guest

Dr. Rob – great article! The technology is here to allow you to do everything you are asking HIPAA to allow. The issue is that there is a fear that doctors and staff will violate HIPAA’s rules and bring HIPAA related fines and penalties. The real issue is education. Doctors and staff have to realize that there are affordable and secure technologies that can easily protect patient information and allow for secure communication. Email encryption is very inexpensive and allows for HIPAA compliant communication. HIPAA smiles upon encryption! HIPAA has to stop bringing fear to medical practices and instead bring… Read more »

Mighty Casey
Guest

Dude. Welcome to Patient-Ville, which is where, most of the time, we patients are told that we can only get our records via fax. Since I personally am living in the 21st century, and do not have an actual fax -machine-, I use a virtual fax service for those rare times when I’m forced to deal with entities who insist on using 20th century tech. Via said virtual fax service, I’ve been inundated with patient-records faxes from a hospital in the midwest (I won’t name it and compound the issue). I’m a small business owner, not located in the midwest… Read more »

Vince Kuraitis
Guest

Dr. Rob, Thanks for your fascinating in-the-trenches perspectives of HIPAA’s promise and wrath.

Your letter to HIPAA assumes that there’s someone or something out there that could speak with one, unified voice on behalf of HIPAA.

Unfortunately, I don’t think that assumption holds up.

V

Dave Kirby
Guest
Dave Kirby

Rob, Under HIPAA, a provider is permitted (not required) to share PHI with another provider with whom the receiving provider has a care relationship. So, if the only impediment to obtaining records is the uncertainty about the security issues, solving the security issues will solve the problem. The strongest factor (IMHO) pressing most providers to solve the security problems are the various PHI sharing objectives in the MU program. So, maybe, most providers will have and use secure PHI sharing techniques over the next 2-4 years. If, however, the impediment today is the source provider’s unwillingness to share PHI with… Read more »

Sandra_Raup
Guest

I think you’re right, Margalit, that this can become a moot point when patients are able to aggregate their information in machine-readable and human-readable format via Blue Button technology. That will allow the patient’s record to be the best source of all their medical information, and hopefully that will allow patients to contribute to that record as well. With security protected, patients can share with other physicians they choose; family members if that would help them; their nurse or social worker who lives next door who volunteers to help with care coordination; a school nurse taking care of a child,… Read more »

James Hamrick
Guest
James Hamrick

Secure emails with patients and secure messages to colleagues are an integral part of my daily work flow as a practicing oncologist. They make sense for everyone (save time, save money, make us feel like we are delivering efficient, modern care) and are HIPAA compliant. I encourage all providers who don’t have access to these modern solutions to push for it, and all patients to demand it. At Kaiser Permanente we made the investment that allows for this technology within our EMR, and many others are doing this as well. It is an investment, but it’s a win-win. @HJamesHamrick

Margalit Gur-Arie
Guest

Not that I am in any way presuming to speak for HIPAA, but I am not sure that either one of your problems are a direct result of it. First of all, since we all love to look at “other industries” for guidance, try to imagine an attorney leaving a practice and asking the old firm for access to all “his” clients records, or an accountant who left to open his own firm, asking for the same. This is business 101 and has nothing to do with HIPAA. On the contrary, HIPAA is actually helping your clients by requiring the… Read more »

Rob
Guest

I gave my practice a secure solution to this problem but the opted for the (far less secure) faxing option. I also am asking other docs to use a HIPAA compliant communication tool, not their email. They are not happy to use it, but skittish and wary. All of this comes from the fear of HIPAA, in my opinion. The practice DID cite HIPAA as the reason to keep me away from records, not business. I was willing to negotiate access to them for both business reasons and so I could even potentially help them with any questions they had… Read more »

Margalit Gur-Arie
Guest

If their attorney is worth anything, and I am going to presume he/she is, then it most likely was a smoke screen. If you asked for access to your old EMR, then perhaps they don’t have a way to limit your access to just patients that left the old practice and are now your patients. On a more general note, there is indeed a lot of skittishness when it comes to electronic communications. Folks don’t trust this “new” medium just yet, and to be honest, I am not sure I can blame them. There isn’t good understanding of how privacy… Read more »

southern doc
Guest
southern doc

I don’t think it’s so much skittishness that causes docs to avoid electronic communications, as the fact that it’s just ONE MORE THING (or two or three) to do. It doesn’t replace US mail, faxes, phones calls; it’s just added to them, and introduces more possible sources of mistakes.

Margalit Gur-Arie
Guest

It is one more thing. It is one more thing for everybody else too. The combination of email and mobile phones with email and text messages is creating an expectation of on demand instant availability to any and all third parties. Personally, I am one of the worst offenders. If I send you an email at say 8pm, I know you’re not asleep, I know you always have your cell phone on you, I know it makes a dinging sound when an email arrives and I know you look to see what it is. So if you don’t respond in… Read more »