Law Limits Access to Patients; Provisions Narrow Information That Public Can Get from Facilities

Article excerpt

Byline: Jessie-Lynne Kerr, The Times-Union

It was intended to ensure those who left one job for another would have continuation in health insurance coverage and to provide people easier access to their medical records.

But the latest provisions of the Health Insurance Portability and Accountability Act -- those dealing with patient privacy -- have evolved into something that groups from friends and family to clergy members say is closing their access to important information. It also has health care providers cautious and confused.

The law, commonly known as HIPAA, carries stiff civil and criminal penalties for disclosing medical information to unauthorized third parties. As a result, many agencies -- especially hospitals -- acknowledge giving more weight to privacy.

"In conversations with colleagues around the country, I am hearing that people are erring on the side of over-interpreting the regulations," said Spencer Hall, a member of the HIPAA compliance team at St. Vincent's Medical Center. To the average person, it has meant that gone are the days of calling and asking about a neighbor who is in the hospital. Among some of the other reported side effects nationwide:

-- A World AIDS Day memorial in Georgia had to change its traditional luminaria remembrance so individual AIDS victims were identified by first name only by family members. The candlelit bags for those "who wanted to remember a friend or a loved one" were not HIPAA-compliant, J. Peter Rissing, an infectious disease doctor at the Medical College of Georgia, told The Associated Press.

-- Some law enforcement authorities have reported being unable to call hospitals to see if a person reported missing by relatives is a patient.

-- Emergency dispatchers in a rural Colorado town had to stop mentioning residents' names in radio calls to protect privacy.

-- Clergy members, who used to be able to stop at a hospital reception desk and ask to see the roster of new admissions so they could look for any church members, now can only see a list of patients who have signed privacy waivers.

-- A reporter writing about a major accident can't get information about those injured unless the injured person has signed a waiver.

At St. Vincent's Medical Center, according to Kim Deppe, vice president of marketing and communications, patients are given a set of forms to sign when they are admitted. They can opt out if they do not wish to be listed in the hospital directory by declining to sign a waiver of privacy.

"In that case, we cannot tell you that the patient is here," Deppe said.

In the event a patient is admitted to the emergency room unable to give consent, the name would not be released to anyone, Deppe said.

"One unintended consequence of the law would be the case where you hear your mother has been taken to the hospital, but you don't know which one," she said.

"There is some leeway where the hospital is instructed to use professional judgment," she added. "If it is in the best interest of the patient to release information, we can do that.

The intent of the law is to provide the ultimate in privacy. If the patient doesn't want anyone to know they are here or why, they become invisible.

An 18-page summary of the privacy rule prepared by the U.S. Department of Health and Human Services allows disclosure of protected health information without an individual's authorization if it is in the public interest.

The rule also covers release of information in several instances for law enforcement purposes, even without a privacy waiver, Deppe said.

The hospital can do so through a court order, to identify or locate a suspect, fugitive, material witness or missing person, to alert law enforcement officials of a patient's death when there is suspicion of a criminal cause, when necessary to inform law enforcement officials about a crime or if information is needed to apprehend an escapee or violent criminal. …