Citizens’ Council for Health Freedom Urges Americans to Tell Feds That HIPAA Hurts Patients
CCHF: HIPAA Doesn’t Protect Privacy at All; Office for Civil Rights Requesting Comments on Possible Change to HIPAA Rule by Feb. 12
PAUL, Minn.—One of the resolute aims of Citizens’ Council for Health Freedom (CCHF) has been to educate Americans that the 1996 Health Insurance Portability and Accountability Act “Privacy Rule” really isn’t about privacy at all.
HIPAA is a permissive disclosure rule allowing most information to be shared for many purposes without patient consent, said CCHF president and co-founder Twila Brase.
“HIPAA is not a privacy rule, but most Americans don’t know that,” Brase added.
Now, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has issued a “Request for Information on Modifying HIPAA Rules To Improve Coordinated Care.” According to the comments received, OCR will issue a proposed rule to change the HIPAA rule, perhaps by summer 2019.
Therefore, CCHF is encouraging Americans to make their comments to OCR for this key and rare opportunity to change the HIPAA “no-privacy” rule. The deadline for comments is tomorrow, Feb. 12.
“HIPAA does not protect privacy,” Brase reiterated. “It permits countless uses and disclosures of patient data without patient consent. Many of these disclosures and uses have nothing to do with patient care. Plus, its regulatory burdens are high on hospitals, doctors, health plans and innumerable business associates. OCR appears to want to decrease these regulatory burdens.”
Specifically, CCHF reports, OCR “seeks public input on ways to modify the HIPAA Rules to remove regulatory obstacles and decrease regulatory burdens in order to facilitate efficient care coordination and/or case management and to promote the transformation to value-based health care, while preserving the privacy and security of PHI [protected health information].”
OCR is asking for comments on:
- Detailing Disclosures to Patients: “Implementing the HITECH Act requirement to include, in an accounting of disclosures, disclosures for treatment, payment, and health care operations (TPO) from an electronic health record (EHR) in a manner that provides helpful information to individuals, while minimizing regulatory burdens and disincentives to the adoption and use of interoperable EHRs.” NOTE: the definition of “health care operations” is a nearly 400-word list of non-clinical activities.
- HIPAA Form: “Eliminating or modifying the requirement for covered health care providers to make a good faith effort to obtain individual’s written acknowledgment of receipt of providers’ Notice of Privacy Practices, to reduce burden and free up resources for covered entities to devote to coordinated care without compromising transparency or an individual’s awareness of his or her rights.”
Even before the RFI, CCHF communicated with OCR, telling officials that Americans have been deceived by the HIPAA “privacy” rule, are being denied access to care for refusing to sign the HIPAA form—and more. CCHF also has a web page to report harms experienced by patients: www.hippahurtme.com.
CCHF is asking Americans to take the opportunity to tell federal officials how HIPAA hurts patients by clicking the response link to send a response to the request today—or no later than tomorrow, February 12.
CCHF is providing a sample comment and reminding respondents to add at least one or two of their own sentences, or a personal account of how HIPAA hurt them, such as being denied care for refusal to sign the HIPAA form or statement acknowledging receipt of the clinic or hospital “Notice of Privacy Practices.”
Thank you for proposing to modify HIPAA. OCR should modify HIPAA to make sure Americans and state policymakers know that HIPAA does not protect patient privacy rights; that it allows private medical information to be shared broadly, used, and entered into a state or national health information network without patient consent.
OCR should change the name of the rule, the acknowledgement form, and the notice of “privacy practices.” OCR should also prohibit doctors and hospitals from telling patients that HIPAA is a privacy rule and from refusing to treat patients if they refuse to sign the form.
Instead patients should be notified that HIPAA does not protect privacy, and exactly what information is shared with whom, and how patients can get a full accounting of ALL disclosures of their data, including who shared it, who got it, for what purpose and how much was paid for it or earned from it.
Not only should I get an accounting of disclosures related to treatment, payment and health care operations (TPO), OCR should also reinstate consent requirements for data-sharing for TPO, ending much of the violation that HIPAA is to my patient, privacy and constitutional rights.
Finally, I’m uncertain how “care coordination,” “care management,” and “value-based health care” are defined or if I would support sharing my data for these purposes, but making it even easier under HIPAA to share my data without my consent would be wrong. Yes, HIPAA should be modified, but it should be modified by ending the HIPAA deception and reinstating the consent and privacy rights I had before HIPAA. Thank you for considering my concerns.
In a new book, Brase writes extensively about the privacy-stealing HIPAA rule, as well as socialized medicine, patient privacy, electronic health records, health freedom and how the Affordable Care Act has harmed patients and doctors since 2010. Find “Big Brother in the Exam Room: The Dangerous Truth About Electronic Health Records” online wherever books are sold or at BigBrotherintheExamRoom.com.
Learn more about CCHF at www.cchfreedom.org, its Facebook page or its Twitter feed @CCHFreedom. Also view the media page for CCHF here. For more about CCHF’s initiative The Wedge of Health Freedom, visit www.JointheWedge.com, The Wedge Facebook page or follow The Wedge on Twitter @wedgeoffreedom.