Medical Privacy Laws Highly Ineffectual
Rick Zeman writes "According to the Washington Post, since Americans gained statutory privacy for their medical records backed by the US Federal Government (via HIPAA), the Bush administration has received thousands of complaints alleging violations but has not imposed a single civil fine and has prosecuted just two criminal cases saying that they were pursuing 'voluntary compliance.'" From the article: "'It's like when you're driving a car,' said consultant Gary Christoph of Teradata Government Systems of Dayton, Ohio. 'If you are speeding down the highway and no one is watching, you're much more likely to speed. The problem with voluntary compliance is, it doesn't seem to be motivating people to comply.'"
How many of these cases were privacy violations due to accidents, staff inexperience, etc.? Do you really want doctors getting in legal trouble over trivial violations their first time or a particular staffer's first time? That is a GREAT way to drive up their insurance costs which only benefits lawyers and the insurance industry. You, in turn, pay higher medical costs.
And whatever happened to innocent until proven guilty? This sounds a lot like the feminist tendency to say "she claimed she was raped, and women never lie about rape, thus she must have been raped." People get impassioned and complain all of the time for invalid reasons. People also complain out of ignorance, what they feel the law ought to be, etc. Broadcasting would be dead if every complaint sent to the FCC was taken at face value, and every slip of indecency were fined.
How about we work toward some real privacy like, I don't know, fighting to keep the DMV from selling our records, the IRS our tax records (they want to do that now), get laws passed making law enforcement DNA databases available only to the police and NEVER to insurance groups, the DoJ requiring mandatory data retention and things like that.
The problem is that the health care facility doesn't care either.
My wife works in a hospital processing insurance. She complies with HIPAA (because privacy of her medical records is important to her), and will report the many violations she sees (technically, she could be fired for not reporting). However, her manager and upper management never do anything but give a verbal warning.
There have been some pretty major violations too. They just don't care.
Case in point: My father was hospitalized and I was called to approve treatment over the phone. The ER personnel never gave me the HIPAA security code. Later I called to check on his status. The nursing desk staff refused to give me that information, citing HIPAA. Uh...they called me as medical power of attorney to give permission to treat him, yet they never gave me the top-secret security code. When I pointed out how ludicrous that was, they just used HIPAA as the reason to not give me my dad's health status. I managed to bypass the idiocy with the use of said Protected Healthcare information to get the information requested. It just shows that laws are made by the powers, but the analysis of the use-cases that will interact with the laws has not been given the proper review for the cases that are exceptions. So, all that said, nothing surprises me.
--Cally
Last year my health insurance company, in response to a billing dispute, sent me a full page from their billing database. The record for my family took up just one paragraph, and above and below it I could see other patient names, billing codes, account numbers, and more.
I asked them to explain this, and got no response. I sent the sheet of paper to the US Department of Health & Human Services. A few months later I got a letter back in the mail from them, stating that they had investigated the situation, the provider (Humana) admitted making a mistake which resulted in a privacy violation, and they weren't going to do a damn thing about it.
So, I'm hardly surprised by this article. Still, it's sad to see I was in the 73 percent of cases.
First, there is a LOT to HIPAA to understand. People often think any discussion of their medical history is a violation. The truth is you sign a lot over when you sign HIPAA waivers. For instance, the right for your care giver to discuss anything about you with any other potential care giver (often)...you want this, trust me.
One of the areas that does continually surprise me is that medical records are stored, transmitted and displayed all in clear text. Some of the major manufacturers of the healthcare software often use FTP (not SFTP) to exchange records with their customers. Even internally within a hospital, records are transmitted from one system to another in clear text.
If you want security, ask your care giver how they are protecting your electronic records.