In response to the Health IT Strategist reader poll "Both privacy organizations and their online readers recently gave President Barack Obama's administration mixed grades on privacy protection. What grade would you give the Obama administration on healthcare privacy protection?":Federal efforts so far (via the Health Insurance Portability and Accountability Act of 1996, the American Recovery and Reinvestment Act of 2009, etc.) to safeguard medical privacy are, in my opinion, headed toward failure. There are rules—lots of rules, enough rules so that the average healthcare worker cannot be expected to understand or remember them all. The rules do not really protect privacy, what they do is establish penalties for those found to have violated them. This has produced lots of activity, generally oriented to protecting against penalties rather than actually protecting privacy. This activity is expensive and is getting more expensive, exacerbating the issue of healthcare costs, while producing little that's of actual value. The average patient knows what HIPAA is—it's a bunch of forms on a clipboard that you have to sign if you want treatment.
What's missing? A vision and a set of values. What are we really trying to protect? What are we willing to sacrifice in order to protect it? Does medical privacy allow a carrier of a potent, contagious disease to refuse treatment and expose others without being identified? Does medical privacy mean that emergency responders cannot find out an unconscious victim's allergies until after getting a warrant? I hope that the answer to both questions is “no,” but the current debate suggests that there is no consensus yet, especially where the patient has not yet been able to demonstrate citizenship.
When a celebrity seeks medical treatment for a condition that suggests sex or drugs, there seems to be a very low possibility that confidentiality will be maintained. The response to such an event involves rules and violations thereof, and generally involves fines and termination of the employment of some clerical staff. None of which addresses the privacy issue, which is that the patient's reputation is irretrievably stained by the resulting allegations. Whether the allegations are accurate or not is beside the point.
Medical privacy will not happen until after there is a broad, open debate on these issues leading to a compelling public consensus on what we are trying to prevent and why. A legal-slash-regulatory solution full of exceptions and penalties will not get us there because too few people will internalize it or even understand it. Leaders of the federal and medical communities should be working to reach this public consensus.
Dwight Arthur
Founder
GrantSmiths
Mahopac, N.Y.
What do you think? Submit a letter to Your Views. Please include your name, title, company and hometown. Health IT Strategist reserves the right to edit all submissions.
Also, please share your thoughts by taking our latest HITS reader poll.
