Churchgoers in a small New England town were astonished by an announcement from the pulpit last Sunday that due to new federal medical privacy legislation there no longer would be a prayer list or mention of ailing parishioners or family members in church.Ê According to the pastor, those in need would remain anonymous and be assigned a random number for which the congregation could offer prayer.
In Massachusetts, a mother's call to her pediatrician's office grew heated recently when a nurse, citing the new federal privacy laws, repeatedly refused to release the results of medical tests performed on the woman's seven-month-old son.
At a hospital in New York, the anxious parents of a 26-year-old comatose patient in severe liver failure were unable to find out important details about his condition and treatment because he had not yet signed a release form required under the new federal privacy legislation.
These are but a few of the countless unintended consequences of the law known as HIPAA and its extensive privacy regulations which took effect on April 14.Ê
Congress originally passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996 with the laudable goals of standardizing electronic billing and health care claims, allowing a terminated employee to temporarily maintain his or her company's medical coverage, and curtailing the runaway marketing of private health information to outside companies.Ê Unfortunately, Congress and the U.S. Department of Health and Human Services (HHS) didn't stop there. Ê
In August 2002, HHS sought to establish national standards for medical privacy by adding to HIPAA a long list of new personal privacy protections, including prohibiting the use or disclosure of an individual's health information unless specifically authorized by that individual.Ê On top of the already thousands of ambiguous and burdensome regulations included in HIPAA, the law soon ballooned into a gargantuan monolith to Big Government, bearing a price tag for business community compliance at nearly $43 billion, according to estimates by the American Hospital Association.Ê
While the regulations most directly impact the health care industry, including hospitals, doctors, insurers, pharmacies and their "business associates" – such as law firms and billing agencies – all companies in America are having to rethink the way they administer their health insurance plans and conduct their human resources.
While many of the complicated provisions in the law remain open to interpretation, the fear of draconian civil and criminal penalties – ranging from a $100 fine per violation up to $250,000 in fines and 10 years in prison – has many nervous business owners and health care administrators going overboard to comply:
In some offices, memos are no longer being circulated for co-worker baby showers, nor are "Get Well Soon" cards for sick employees, as they are seen as violating an employee's personal medical privacy.Ê
Doctor's offices are removing sign-in sheets and are no longer calling out patient names in their waiting rooms.
At most businesses, employees must sign authorization forms before a human resources person can discuss medical benefits, including helping to decipher complicated medical claim forms.Ê And, before a human resources person can talk to an employee about his or her family member's medical problem, that family member must sign his or her own disclosure form.Ê
Pharmacies around the country have installed private rooms for customers to ask questions about prescriptions, as well as glass barriers to muffle their chatter behind the counter.Ê To pick up a prescription for a family member one has to be able to recite the specific drug's name and what it has been prescribed for.Ê
Hospitals, doctor's offices and pharmacies have spent millions training staff on the new provisions (including custodians, valets, even candy stripers), printing privacy procedure manuals and customer consent forms, and updating computers and filing procedures. Ê
At hospitals, before patients are admitted they must read five-to-seven page manuals detailing their privacy rights and sign a form acknowledging that they've read them.Ê Patients must then sign another form granting the hospital the right to list them on its patient directory before any information can be given out to someone calling or wishing to visit the patient, including family members and clergy.Ê
Separate express authorization forms for the release of information in hospitals are needed for every provider consulted down the line, including the anesthesiologist, lab technician, etc.Ê This gets a little tricky if the patient comes into the hospital incapacitated or is comatose.
Health-care providers are rewriting contracts and agreements with every company they do business with, including florists, marketing firms, and law firms, subjecting them to the same strict privacy standards.
As one nursing home administrator put it to the Bismark Tribune, preparations by the business community for enactment of the regulations were "more extensive and expensive than Y2K."
American sociologist Robert K. Merton, who in 1936 famously theorized on the "law of unintended consequences," explains that the "imperious immediacy of interest" is a root cause of this phenomenon.Ê What that means, according to Rob Norton, former economics editor of Fortune magazine, is that "an individual wants the intended consequence so much that he purposefully chooses to ignore any unintended effects."Ê This is all too frequently the case with Congress.
America is in the midst of a privacy frenzy.Ê With the advent of the Internet, which brought spam, identity theft and other privacy intrusions home to consumers, Congress is being besieged with calls for urgent new privacy laws.Ê While America's concern over privacy has merit, Congress is rushing to pass legislation without truly examining the high cost to society of overly-burdensome privacy regulations.Ê
The provisions in HIPAA are so broad that one wonders what would happen if a congressman or the President is suffering from a life-threatening ailment.Ê Would a newspaper or television reporter be subject to criminal penalties for leaking the story without express authorization?Ê And what about that long list of names posted outside of hospitals and at "Ground Zero" in the days after the September 11 tragedy?Ê The list goes on and on.
HIPAA was originally intended to save billions by unifying and standardizing complexities of the health care industry.Ê In the end, it will cost consumers billions as business owners pass along this latest unfunded federal mandate.Ê
As Tanya Ask with Blue Cross Blue Shield of Montana – which will spend about $3 million complying with HIPAA – put it to The Missoulian: Ê"It's additional protection, but additional protection comes with a price."ÊMay 15, 2003