HIPAA for thee but not for me…

Time for a rant!  I’ve written a lot lately about caring for our patients, and about caring for our spouses and those things make me very happy. But now and then, things rub me the wrong way.

I was recently working at TMH, or Tiny Memorial Hospital…my vague name for small facilities since I work at several and wish to preserve their anonymity.  While there a patient checked into the ED for a fairly unremarkable complaint, for which she was evaluated and treated in a reasonable time.

But before she left, we received a phone call from ‘the Mother Ship.’  TMH is part of a large system of hospitals.  The phone call was from the ‘foundation.’  Turns out our patient was a donor well known to said foundation.

Mind you, we never called them, texted them, e-mailed or faxed them. No consultants were contacted, no transfers arranged.  We were just doing our simple doctor and nurse thing.  But the Mother Ship was inquiring how she was.  Which means that someone was notified about her visit to the ED.

Now mind you, it may be that she agreed to this in the process of supporting the institution.  Maybe it was a perk.  I didn’t ask.

But what bothers me is that if any one of the nurses on staff had so much as looked up their own lab-work, they would have been terminated for a violation of HIPAA, the privacy statute.


This is a common policy, but let me repeat it.  According to most hospitals’ interpretation of federal privacy statutes, looking up one’s own results on the hospital computer is a firing offense.  Not only so, but spyware is installed so that the staff’s home addresses are cross-linked to those of their neighbors just in case they look up someone else’s information…a friend who asks for information, for instance.

Furthermore, I cannot even hand a patient his or her lab-work to take to his or her physician the next day. Why?  It’s a violation of privacy.  I don’t understand, but I doubt if I’m supposed to understand.  (Almost all things federal dwell in a kind of fog impenetrable by logic and reason.)

But donate enough and someone will know when and where you went to the ER.   And that’s just good customer service, right?  Right.

Privacy, HIPAA, is for little people.

And yet: Quis custodiet ipsos custodes?

‘Who will guard the guards themselves,’ or as it is commonly rendered, ‘who watches the watchers?’

I don’t know, but I guess we all need to watch ourselves lest we end up fired.

The only other alternative, it seems, is to donate a lot of money.

4 thoughts on “HIPAA for thee but not for me…

  1. Possible that the donor/patient notified someone herself, in search of better (meaning more fawning, not actually “better”) care?

  2. You raise good points, Edwin. It can sometimes seem like the hospital admin is trying to have it both ways – deliberately inviting privacy violations when donors are patients, but punishing seemingly harmless infractions (like looking up your own data) that technically don’t violate anyone’s privacy.

    The root of the “don’t look up your own data” rule is that HIPAA compliance requires personnel only access information that’s directly relevant to their jobs. I suppose it’s a noble goal to discourage idly reviewing charts of people who aren’t in your direct care, but yes, it does seem that termination for reviewing one’s own lab results is overblown.

    Scratching my head at the rule about not giving patients a printout of their data, at discharge. I don’t think this is a federal prohibition but maybe a local interpretation of the rule (if the patient loses their paperwork on the bus, could they turn around and blame the hospital?). Certainly in my state, forwarding data to patients’ doctors or handing them their results, when asked, is mandated.

  3. Ed, I share your frustration. In my experience, HIPAA means whatever hospital administrators say it means. It gives them a degree of power and satisfaction that I suspect government bureaucrats feel when they make up rules for us little people to follow. For our own good, you understand

Leave a Reply

Your email address will not be published. Required fields are marked *