Correspondence

The Adverse Effects of HIPAA on Patient Care

N Engl J Med 2003; 349:309July 17, 2003

Article

To the Editor:

Although the goal of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is to protect patients' privacy and rights, such protections, if either misunderstood or overzealously applied, could impede necessary communication and thereby negatively affect patient care and safety. One of the explicit exemptions to the requirement that patients authorize the release of protected health information deals with the use of such information for the provision of treatment. We report two intrusions into patients' treatment resulting from misinterpretations of HIPAA.

A patient between 50 and 70 years of age (exact age and sex withheld in compliance with HIPAA) underwent cardiac transplantation at the Tufts–New England Medical Center. The care team was notified two days after the operation that the donor's blood cultures had revealed bacteremia. The infectious-disease consultant contacted the hospital that had cared for the donor to ascertain the identity of the bacterium so that antibiotic therapy could be properly tailored for the now-immunosuppressed recipient. The donor's hospital stated that providing such information would violate HIPAA, since the hospital did not have authorization (from the now-deceased donor), notwithstanding the fact that time was of the essence for the recipient. Although clinical common sense should make this scenario a non-issue, HIPAA impeded clinical care.

A patient between 40 and 50 years of age was referred to a cardiologist for the urgent evaluation of chest pain after an exercise stress test. With the patient in the examination room, the cardiologist asked that the tracings from the stress test be faxed for his review. At that time, the patient was extremely anxious. The referring facility refused to fax the tracings, stating that using a fax would violate HIPAA, notwithstanding the patient's oral demand that the tracings be faxed and assurance that the receiving fax machine was in a secure location. Although the tracings were eventually received, this misinterpretation of the HIPAA privacy regulation added two full hours to this patient's evaluation. The patient became upset and required urgent catheterization and angioplasty the next day.

We hope that these two anecdotes help to inform clinicians and other health care providers about the potential risks to patient care engendered by overzealous interpretation of HIPAA and a misunderstanding of its exemption for purposes of treatment.

Deeb N. Salem, M.D.
Stephen G. Pauker, M.D.
Tufts–New England Medical Center, Boston, MA 02111
spauker@tufts-nemc.org

Citing Articles (4)

Citing Articles

1. 1

   Kenneth S. Boockvar, Bella Fridman. (2006) Inter-Facility Transfer of Patient Information Before and After HIPAA Privacy Measures. Journal of the American Medical Directors Association 7:3, S39-S44
   CrossRef

2. 2

   Rebecca D. Pentz, Susan K. Peterson, Beatty Watts, Sally W. Vernon, Patrick M. Lynch, Laura M. Koehly, Ellen R. Gritz. (2005) Hereditary Nonpolyposis Colorectal Cancer Family Members' Perceptions about the Duty to Inform and Health Professionals' Role in Disseminating Genetic Information. Genetic Testing 9:3, 261-268
   CrossRef

3. 3

   Kenneth S. Boockvar, Bella Fridman. (2005) Inter-Facility Transfer of Patient Information Before and After HIPAA Privacy Measures. Journal of the American Medical Directors Association 6:5, 310-315
   CrossRef

4. 4

   Kenneth S. Boockvar, Bella Fridman. (2005) Inter-Facility Transfer of Patient Information Before and After HIPAA Privacy Measures. Journal of the American Medical Directors Association 6:5, 310???315
   CrossRef