Privacy and absurdity in health care

There is now great emphasis on privacy in health care, which is important. But what is not recognized is that privacy does not imply absurdity. The HIPAA law (Health Insurance Portability and Accountability Act) requires privacy. The problem is that people, medical people, do not know what this means. Thus many weird ideas have arisen, some perhaps deliberately, but with no basis in reality or law. These are wrong and can be harmful. The fundamental rule is to use common sense, something quite uncommon.

One absurd idea is that HIPAA prohibits e-mail, requiring the use of less secure telephones.

The supposed e-mail rule is not true. The Privacy Rule permits communications in any form if they are “reasonable.” To see the official HHS position on this, go to the OCR website, enter “e-mail” in the search box, and it will appear.

“Does the HIPAA Privacy Rule permit a doctor, laboratory, or other
health care provider to share patient health information for treatment
purposes by fax, e-mail, or over the phone?

Yes. The Privacy Rule allows covered health care providers to share
protected health information for treatment purposes without patient
authorization, as long as they use reasonable safeguards when doing
so. These treatment communications may occur orally or in writing, by
phone, fax, e-mail, or otherwise.

For example:

– A laboratory may fax, or communicate over the phone, a patient’s
medical test results to a physician.
– A physician may mail or fax a copy of a patient’s medical record to
a specialist who intends to treat the patient.
– A hospital may fax a patient’s health care instructions to a nursing
home to which the patient is to be transferred.
– A doctor may discuss a patient’s condition over the phone with an
emergency room physician who is providing the patient with emergency
– A doctor may orally discuss a patient’s treatment regimen with a
nurse who will be involved in the patient’s care.
– A physician may consult with another physician by e-mail about a
patient’s condition.
– A hospital may share an organ donor’s medical information with
another hospital treating the organ recipient.

The Privacy Rule requires that covered health care providers apply
reasonable safeguards when making these communications to protect the
information from inappropriate use or disclosure. These safeguards may
vary depending on the mode of communication used. For example, when
faxing protected health information to a telephone number that is not
regularly used, a reasonable safeguard may involve a provider first
confirming the fax number with the intended recipient. Similarly, a
covered entity may pre-program frequently used numbers directly into
the fax machine to avoid misdirecting the information. When discussing
patient health information orally with another provider in proximity
of others, a doctor may be able to reasonably safeguard the
information by lowering his or her voice.”

This takes care of that absurdity and provides a means of dealing with others.

Thanks to Mark A. Rothstein for aid in getting this information.

