Unintended effects of data privacy in healthcare

In this new age of seemingly endless amounts of data that can be shared in basically an instant, everyone is concerned about how our privacy will be maintained and protected. However, I would like to draw attention to an instance where I believe the pendulum has swung too far: the Healthcare Insurance Portability and Accountability Act (HIPAA) and its effects on our medical experience.

In spirit and on paper, HIPAA makes a lot of sense – it lays down the protocols by which personal health information may be shared and supposedly prevents the loss or theft of said data. For the most part, everyone wishes for their privacy to be maintained, but they also want equitable healthcare. Unfortunately, with the current standards put forth by HIPAA, patients and physicians alike find themselves choosing between one or the other.

Currently, when a patient is hospitalized, the admitting team is often forced to develop treatment plans with either part or none of the important information. Unless the patient has been previously treated within that hospital system or comes with a copy of their records, the only medical history available is the information the patient can provide themselves. There are two big potential issues with this system: 1) patients are not always able to provide the information and 2) even when they can, in most cases, they can’t provide the level of detail their providers need. In order to deal with this knowledge gap, the treating team has to request records from the outside facility. Thus, the patient has to remember where and when they were treated, sign an official release of records, and the request must be faxed to the outside facility and approved by their medical records department. The caveat with this approach is that most medical records departments keep business hours and usually have an insane backlog, resulting in a frustratingly slow and inefficient process. I personally have witnessed several patients where appropriate care was delayed by hours or days due to previous records not yet being available.

Then there’s the issue of cost, both direct and indirect. All of these privacy measures do not come cheap. If faxing isn’t an option, such as with pathology samples, then a HIPAA compliant courier must be hired to transfer the samples. These are difficult and expensive to arrange and we often end up asking family members to go pick up these samples at facilities that are sometimes hours away. These expenses disproportionately affect the less privileged members of society, such as those who have had multiple changes in their employment – thus insurance – status or those who have to be transferred in from a less-equipped facility. Furthermore, it places a greater burden on those patients who are the sickest and need to see several different specialists. Electronic patient portals have alleviated these issues partly by giving patients instant access to their records, but that still requires a smart phone or regular internet access.

While I am not advocating for a complete removal of privacy standards, I do believe we as a society need to rethink the unintended consequences that such standards are causing. Personally, if I could opt out of portions of HIPAA to make important information like medication allergies or current conditions readily accessible to any medical provider, I would. However, I am relatively healthy and have nothing in my records that would draw stigma if accidentally compromised. But given the growing frustration of both patients and physicians, I believe there would be strong interest from the public in a potentially more relaxed or tiered privacy system.