Thursday, April 26, 2007

Patient Blogs Make HIPAA Unenforceable

HIPAA, the Health Insurance Portability and Accountability Act of 1996, contains privacy provisions that provide "protection" of patient's health care information to assure that health care providers, health plans, and health care clearinghouses don't leak such sensitive information in a public forum. You see, our legislature felt that doctors and health care providers might use such information to the detriment of our patients, so they made this law to allow government to reassure others that Big Brother could do a better job at protecting your privacy.

But now comes another realization: patient's family members might leak the informaton instead.

Patient blogs are now the rage at local hospitals here in Chicago, detailing play-by-play accounts of health care delivery and histories on patients themselves. You see, patients aren't covered by HIPAA. They can say what ever they want about themselves. But sometimes the patient isn't the one posting on the patient's blog, family members were, dutifully updating the daily progress of their loved one to the world.
"Many people have been inquiring about him so I would like to share some information with everyone," said the first in a series of near-daily updates posted by Nequin's wife, Dawn.

She described in detail how her husband had slipped on ice March 6 while walking the family dog, hit his head on the sidewalk and, nearly three hours later, asked to be taken to the hospital, complaining of a headache and weakness in his leg.

"Within minutes he was having a CAT scan, and in a few more minutes we knew he had a brain bleed," she wrote.
And companies providing these patient weblogs and message boards are springing up like 17-year cicadas:
TLContact Inc., the Northwest Side company that oversees CarePages, has created more than 50,000 such pages, according to a spokeswoman. CaringBridge, a competing service based near Minneapolis, and theStatus.com, a third major competitor based in Anchorage, claim roughly the same numbers of pages, most of them generated in the last few years as word has spread about their availability.

"Most people don't find out about them until a friend goes into the hospital and starts one," said theStatus founder Mark Pierson.

Such sites have been around nearly 10 years, are free, easy to use and fairly secure -- families can control access to them via passwords and invitation lists. Though the companies contract with hospitals for branding and promotional purposes, any patient anywhere can sign up and use any of the services.

They relieve family members and patients of the tedious job of telling the same story over and over, while the accompanying message areas become a forum for encouragement and prayers.

They offer an advantage for health-care professionals as well. Having the family post updates online allows them to skirt the awkwardness and even legal peril that newly stringent medical privacy regulations have added to such simple questions as "How's he doing?"
So in the future, if doctors or insurers get accused of violating the HIPAA provisions, they'll just look stupid and say, "Hey, I just read what I know about him on his patient blog!"

-Wes

1 comment:

Anonymous said...

I think the difference here is that the so-called health care professionals also are the official custodian of the patient's medical information and hence hold the balance of power. As such, there is a greater burden of responsibility to be careful with whom you share sensitive information.

Patients can choose to post their life story on CaringBridge or tell all their friends and neighbors about their gallbladder surgery. It's not necessarily their choice to have their surgeon, the night nurse or the person who transcribes their chart to share their personal medical details with God knows whom.