Why Do we Even Need HIPAA?

In the healthcare industry, it seems that nothing is more confusing than the HIPAA Privacy Rule. Before HIPAA, healthcare providers had to provide patient privacy or face penalties from their respective licensing boards. Patient privacy was not really defined. The penalties ranged anywhere from receiving a warning letter to losing one’s license.

The HIPAA Privacy Rule was created to bring uniform guidelines on how to handle Protected Health Information (PHI). When someone reports a HIPAA violation, the Office of Civil Rights (OCR) conducts an investigation. Most of the time, the OCR addresses HIPAA violations with added training and guidelines. Sometimes the violator is fined. Because some of the bigger fines have ended up in the news, healthcare providers, employees and even patients are increasingly worried about angering Big Brother.

Most people agree that in this day of stolen data, laptops and identities, there have to be some guidelines on how patient data is stored and shared. I don’t know about you, but when I’m interviewing for a job, I’m glad the interviewing company won’t see my medical records when they Google me. I’m also glad that HIPAA is helping protect me from identity theft. Yes, you’ve read that right: industry news reports that healthcare data has become the target of identity thieves because it contains even more information than financial data!

What is HIPAA Hysteria?

You may have noticed that healthcare staff is becoming very tight lipped even when they should be communicating with you. What was meant to be a layer of protection for the patient has grown into a monster. Employees are removing baby pictures from their lobbies, hiding patient sign-in forms and speaking in coded whispers. Providers are refusing to speak to parents about their own children. ER staff are afraid to give family updates about their loved ones. HIPAA fear is reducing communication in ways that were never intended.

The HIPAA rules themselves don’t seem to be creating this breakdown in communication. In fact, most medical offices that are following basic HIPAA guidelines and using common-sense are not violating any HIPAA rules. The problem seems to be this mushroom of confusion surrounding what constitutes a HIPAA violation. When in doubt, the notion “better safe than sorry” has become the norm. This confusion and fear has trickled down to the very patients HIPAA is meant to protect.

A quick search on Google will show patients asking a multitude of HIPAA-violation questions that don’t apply to them:

-“Is it a HIPAA violation if I drop my own prescription receipt and someone else sees it?” or

-“I was in a restaurant and heard a father speaking to his child about her health condition, wasn’t he violating her HIPAA rights?”

or

-“Can I be sued? I think I violated HIPAA…”

…some are referring to this trend as HIPAA Hysteria.

HIPAA Expertise vs. HIPAA Hysteria

The truth of the matter is that the HIPAA Privacy Rule is not always black and white. There are still some notable grey areas that are difficult to figure out… Think you’ve done all your homework and know all the answers? We dare you to take our challenging HIPAA Expert Quiz and find out whether you are blessed with HIPAA Expertise, or are just suffering from HIPAA Hysteria.

Take the HIPAA Expert Quiz