Monday, November 28, 2011

When a HIPAA Security Breech Occurs

It wasn't the fact that pop-star Lindsey Lohan's father, Michael Lohan, was hospitalized that caught my eye, nor was it the splashy headline: Michael Lohan Struggling to Speak, Breathe. What caught my eye was the picture that accompanies the article that reportedly shows Mr. Lohan asleep in his hospital bed.

Is this picture of a man who is "short of breath" authentic? Since there is no oxygen tubing and no pulse oximeter applied to the pictured patient's finger, we are left to wonder.

But what if the picture IS authentic? What will happen as a result?

Will this photograph be ignored? For hospital administration and government regulators, this would pose an enormous problem.

If not ignored, will the perpetrators be brought to justice? What financial "lesson" will be levied against them?

It is frightening to consider how an investigation of such an obvious lapse in patient privacy might be conducted thanks to the implications to health care facilities imposed by HIPAA. Will all the nurses on the unit be placed on administrative leave until someone squeals? Or maybe the cleaning staff? Maybe the family themselves? Perhaps the whole hospital will have to attend HIPAA refresher courses. Perhaps the ward should be closed until the problem identified. And what about the hospital administration who have permitted such an egregious lapse in governmental policy? What fines will be levied against them as a result? Will hospital costs for future patients be adversely affected as a result of these fines?

What is clear is that the ability to maintain patient privacy is quickly becoming impossible to manage, thanks to the explosion of hand-held cell phones and miniature cameras, not to mention the requirement for electronic medical records for those receiving government-funded health care.

Real patient privacy remains a local challenge, not a universal, governmental one. Sadly, in our attempt to provide global governmental privacy protections, we forgot to protect those that are most affected when breeches occur: the innocent workers and patients themselves.



Tim Hulsey, MD said...

Oh, what a tangled web is weaved when the omniscient government intervenes to solve our problems and simplify the process!

Lisa said...

HIPAA is hogwash. It doesn't protect anything. When I asked to see a copy of the records at the hospital, I was told they were with a company in Birmingham who they hired to insure HIPAA compliance. I would have to request the records from them. The company wanted $650 to send me a copy of my records. When I asked my dermatologist for a copy of the biopsy report I was told that the request would have to be approved by the office manager. She wouldn't be in the office until Tuesday. On Tuesday I called asking for a copy of the report and was told that she would take my report home with her to review, I could pick it up on her next scheduled work day on Thursday. On Thursday I called and was told they were sorry, but she'd taken a day off and wouldn't be back in until Tuesday. On Tuesday she hadn't signed the approval yet...This is not protecting my right to see and obtain a copy of my records. For my oncologist to have permission to share the results of my blood test to my nephrologist, I have to print, sign and fax a request to have it done. About half the time the request is ignored and I have to redo the test for a second time in a week. This makes me feel almost violated by HIPAA. My electrophysiologist prints 2 copies of my ECG and hands one to me unasked. He really is my favorite doctor.