The 22-Year HIPAA ‘Privacy’ Misnomer
HIPAA Changes May Be Coming, But No Evidence HHS Is Working to Return Privacy Rights to Patients, Says Citizens’ Council for Health Freedom
PAUL, Minn.—For more than two decades, the Health Insurance Portability and Accountability Act (HIPAA) and its federal rule have been touted as a way to keep patients’ personal medical information private.
But HIPAA has been under a “privacy” misnomer for 22 years, and in fact, doesn’t protect patient privacy at all.
“HIPAA is considered a ‘permissive’ rule,” says author Twila Brase, president and co-founder of Citizens’ Council for Health Freedom (CCHF). “While it does not require sharing of data except with the subjects of the data—the patients—and with the secretary of HHS for monitoring compliance with the rule, it permits sharing hither and yon.”
“It’s a common misconception that [HIPAA] makes it difficult, if not impossible, to move electronic health data when and where it is needed for patient care and health,” according to the Office of the National Coordinator for Health Information Technology (ONC). Brase reports this information in her new book, “Big Brother in the Exam Room: The Dangerous Truth About Electronic Health Records.” Sharing is determined by covered entities, which “may rely on professional ethics and best judgments in deciding which of these permissive uses and disclosures to make,” writes the Department of Health and Human Services (HHS). In short, HIPAA “improves the flow of health information” says a former chief privacy officer of ONC.
Brase adds that according to a 2010 HHS regulation, more than 2.2 million entities (covered entities and business associates) have the potential to be given access to private patient data without patient consent as a result of HIPAA. This number doesn’t include government entities with access to patient data because they aren’t considered covered entities or business associates.
Careers Info Security recently reported that HHS is weighing changes to health data privacy regulations, including HIPAA and the 42 CR Part 2 law, which pertains to substance abuse and mental health information.
HHS Secretary Alex Azar reportedly talked about the potential changes in a speech at the Heritage Foundation late last month. These changes may include reducing the regulatory burden on America’s physicians. This could be a positive development, Brase said, but Azar also alluded to support for a “fully digitized” health care system and focused on doctors being paid for “value,” which could mean even more information sharing under HIPAA.
“Restoring privacy and consent rights back to patients doesn’t appear on the agenda despite his stated vision of ‘putting patients in charge of their own health data,’” Brase said. “Until the administration clearly says that they are going to resurrect patient consent requirements, there’s little hope for patient control of data.”
Additionally, according to EHR Intelligence, Centers for Medicare and Medicaid Services Administrator Seema Verma told doctors in a letter that a lack of interoperability between EHR systems has been a detrimental roadblock to the success of EHR technology, calling for the ability to share “complete patient health data.”
While Brase disagrees with this goal, unless patients voluntarily consent to it, Brase and Verma do agree on one thing—coding, paperwork and regulations are contributing to physician burnout. As Brase writes in her new book and a recent study reports, the EHR is the primary culprit. And without HIPAA, the government-certified EHR now threatening the practice of medicine could not have been imposed nationwide.
HIPAA, which authorizes the compromise of private patient data, was enacted 22 years ago next week, on Aug. 21, 1996. Over the years, Brase reports in “Big Brother in the Exam Room,” tens of thousands of HIPAA violation complaints have been made, rising steadily since 2011 and reaching 165,175 as of September 2017.
“How many of these complaints are from people who don’t understand how broadly their data can be shared under the law?” Brase asked. “HIPAA was designed to modernize the flow of health information, as I quoted George Washington University Research Professor of Law Daniel J. Solove in ‘Big Brother in the Exam Room.’ It was never truly designed to protect privacy. And as a former head of the ONC once said, some patients are dismayed to find out that while others can share their data without their consent, they, the subjects of the data, are not allowed to give it to whomever they wish.”
“Big Brother in the Exam Room,” published last month by Beaver’s Pond Press, exposes how and why Congress forced doctors and hospitals to install a data-collecting, command-and-control surveillance system in the exam room. The extensively researched book also includes the negative impact of EHRs on privacy, personalized care, costs, patient safety and more, according to doctors and data from more than 125 studies.
For more information about CCHF, visit www.cchfreedom.org, its Facebook page or its Twitter feed @CCHFreedom. Read more about “Big Brother in the Exam Room” here, and view the media page for CCHF here. For more about CCHF’s free-market, cash-based care initiative, The Wedge of Health Freedom, visit www.JointheWedge.com, The Wedge Facebook page or follow The Wedge on Twitter @wedgeoffreedom.