I find myself thinking about HIPAA lately and wondering if it is doing the job it was designed to do. I find it is becoming a weapon used to impede interaction with involved parties. Yes, it was created to protect a person’s health information from unauthorized eyes, as well as had over control to the individual as to who can view information. It doesn’t seem to be working that way.
One of the major problems is, when asked to sign a HIPAA form at a hospital or doctor’s office, the authorization has a global reach. I had a doctor refuse to take on a client because she wouldn’t allow carte blanche access to any genetic testing. She felt she wanted the doctor to tell her each time she was revealing this information, who was asking and why was it important. She had her reasons but if she wanted this doctor she needed to sign. The doctor said, he couldn’t do his job properly if he didn’t have access when he needed it. So the HIPAA laws says a person can deny access but as my client found out, it has consequences.
I also find many people like customer service representatives and some medical office staff, don’t understand the HIPAA laws. Sometimes, even when I send a HIPAA form, they scrutinize it until I have to ask for a supervisor. I have a federally designated standard form on my letterhead and I have every new client fill one out for me. My first call to any business office or insurer is to ask for the fax number to send the release. Even when I send it, it can take days. Corporate owned nursing homes are the worst because they either have no policy and get all flustered, or the policy states all HIPAA forms have to reviewed by the lawyers. Any time a lawyer is involved, it takes an extra five days.
Business offices are now becoming problematic and I don’t know why there is a shift in policies. I recently had an interaction with a hospital business office that refused to talk to me about specifics for a bill payment plan or reduced final payment. I had a HIPAA form signed by my client. I finally spoke with a supervisor (no easy task in business offices) and was told this was the policy. They only talk to the patient. I asked how that could be when I had a HIPAA form. The supervisor said it was the policy and then asked, why can’t the patient call? My initial thought was, if I have a HIPAA form, that question is irrelevant. I did talk my way into getting the information.
It seems the policy of the hospital business office may be a picture of the future. To get around the HIPAA laws, policies are being put in place “to further protect the patient”. If a patient designates someone to speak with medical and ancillary parties, ask the questions, and negotiate payment plans, how can a policy that limits the designate be legal? I am considering writing the Attorney Generals office of the state my client resides.
What is interesting here is patients records are available to a wide range of medical professionals supposedly to improve quality of care. Insurance companies have access but when a patient wants to use HIPAA to help them navigate the system or be more empowered, it is becoming increasingly cumbersome and denied. Everyone fears a HIPAA breach because the penalties are brutal. We need to be reminded the law is for the patent’s protection. It seems the patient is being lost in the web of HIPAA minutia.