Article 43


Saturday, September 15, 2007

Ignorance And Strongarm Hospital Tactics To Share Patient Info


Your medical information is shared by a wide range of people both in and out of the health care industry. Generally, access to your records is obtained when you agree to let others see them. In reality, you may have no choice but to agree to the sharing of your health information if you want to obtain care and qualify for insurance.
- Privacy Rights Clearinghouse

Since the creation of the Hippocratic oath about 400 B.C., protecting the privacy of patients has been an important part of physicians’ code of conduct. Over time, health information has come into use by many organizations and individuals who are not subject to medical ethics codes, including employers, insurers, government program administrators, attorneys and others. As uses of medical information multiplied, so have regulatory protections for this highly sensitive and deeply personal information.
- Economic Privacy Information Center on Medical Privacy

THIS SEARCH RETURNS MEDICAL RECORDS for personal use, insurance companies, attorneys and other qualified users. Peoples medical information does not only reside at their Doctor’s office. Today, individual health and medical data is collected, collated, stored, analyzed and distributed in unprecedented quantities and put to diverse uses. Payers can not only tap patient data for claims payment; they use it for utilization review, underwriting and coverage decisions. Employers use health data to reduce their health care and workers compensation costs, as well as to identify employees who may be costly in the future. Health care providers use the data for research, to collect reimbursement, coordinate diagnosis and treatment, conduct quality assurance and monitor other providers.
- Akiba Medical Record Search

When patients realize neither they nor their treating physicians have the right to stop the flow of sensitive medical information out of doctor’s offices and other treatment sites, they will vote with their feet. They will avoid medical care for as long as possible, they will omit sensitive information or they will provide false information to try to protect themselves.
- HIPAA’s Real Effect: The End Of Medical Privacy

...doctors aren’t terribly fond of patients leaving negative comments of them all over the Internet. They, however, aren’t taking the lawsuit routeat least not yet. Instead, doctors are asking patients to sign agreements that bar them from posting comments on everything from review sites to blogs, and then attempting to have the reviews removed if they break the gag order.
Doctors Vs The Constitution


I was treated at Florida Hospital recently.

On the way out, I was asked to fill out some paperwork.

The treatment consent form included text that gives the hospital the ok to share any medical and personal information with any third party they wish, without restriction.  It also says it’s ok to cross that part out and initial in the margin if you object.  Which I did.  The clerk at the discharge desk didn’t seem happy at this. She insisted on a picture ID, then called the hospital director. 

The director, claimed familiarity with the form, and insisted no such text existed, so I pointed it out to him right there in black and white, and noted that the word any - as in any information, any insurance company, any agency, etc - means without restriction.  He then insisted on immediate payment in full or I fill out a new consent form without anything crossed out - giving the hospital the legal right to do anything they wish with my medical and personal records, for any reason whatsoever.

I paid in full with a credit card.

An ILLEGAL ALIEN can PROBABLY get away with NOT PAYING AT ALL. By leaving your wallet home and uttering “No speekee eenglish” you may be able to get away DEBT FREE WITH YOUR PRIVACY NOT CHALLENGED.

By forcing this only option on me - the decision to pay on the spot by credit card with it’s double-digit interest rate - was done under DURESS, and may elicit a COMPLAINT.

The director and clerk may both be IGNORANT - a growing SIN in our society that’s FREELY GIVING AWAY all it’s rights.

What happens the next time when I DON’T HAVE A CREDIT CARD and TRY TO EXERCISE MY RIGHTS to privacy? 


Or show me SOME DOCUMENT that may render the whole point moot, and me a fool for TRYING to stick up for rights I only think we have?

That would make me ignorant too.  But not in FLORIDA.  Over here it’s LAW that hospitals can’t disclose patient records without consent.  But - FLORIDA STATUTE 934.03 lets businesses ELECTRONICALLY TAPE VOICE CONVERSATIONS without consent of both parties.


So what happens if I find myself treated at Florida Hospital again, refuse sharing my medical records with third parties, and can’t pay?

Give in to the director’s coersion and sign away all rights to privacy under duress?

Remind him he has a legal obligation to treat anyone REGARDLESS OF ABILITY TO PAY, and try to work something out?

Walk out to the car, and drive away?


No speekee eenglish?


HIPAA’s Real Effect: The End Of Medical Privacy

By Barry K. Herman, MD, MMM, CPE, FACPE
and Deborah C. Peel, MD
Find Articles - Physician Executive
February 2004

Every American’s entire medical record became an open book on April 14, 2003, the final effective date for compliance with the amendments to the HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) PRIVACY RULE. On that day, every American lost the right to consent to the release of his/her medical records, as a matter of federal law and policy.

The administration did not inform the nation when it eliminated every individual’s right to consent to the release of his/her medical records in a few sentences buried deep within the amendments to the privacy rule. (See 67 Fed. Reg. 53,182, August 14, 2002).

The lack of clear notice also contributed to the media’s and the public’s focus on compliance, instead of on the loss of the right to consent. The far-reaching effects of the current regulations have yet to be appreciated by the public at large, by the media or by physicians.

The amendments to the HIPAA privacy rule grant breathtakingly broad and unprecedented powers to both private corporations and government entities to collect and amass the individual medical data of every person in the United States.

The new doctrine of federal regulatory permission gives over 600,000 “covered entities” and their innumerable business associates the right to access every American’s cradle-to-grave medical records without consent, without notice and without recourse.

Even if treatment is paid for out-of-pocket or an individual never has another contact with the health care system, his or her personal health information may now be accessed for purposes of “health care operations.”

In announcing the amendment to the privacy rule, the U.S. Health and Human Services Department (HHS) stated that “the consent provisions in 164.506 are replaced with a new provision at 164.506(a) that provides regulatory permission for covered entities to use or disclose protected health information for treatment, payment, and health care operations” (67 Fed. Reg. at 53,211).

In a briefing to congressional staff on August 19, 2002, Jim Pyles, a medical privacy expert, wrote that: “The privacy rule applies to covered entities and their business associates.”

Covered entities are health plans (such as HMOs and Medicare Part A and B), health care clearinghouses (entities that process health information), and health care providers (any person or entity who furnishes, bills or is paid for health care). Business associates are a broad range of entities and individuals that provide services to or for covered entities. (160.103)

HHS estimated that the privacy rule affects “over 600,000 entities and virtually every American.” (66 Fed. Reg. at 12,739) The health information that can be covered by the privacy rule is virtually any identifiable health information relating to the “past, present, or future physical or mental condition of an individual.” (164.501)

The amendments to the privacy rule permit these covered entities and business associates to use and disclose identifiable health information for three broad purposes--treatment, payment and health care operations. (67 Fed. Reg. at 53,211)

Many of these purposes, particularly health care operations activities, are related to the business operations of covered entities rather than the need to provide health care to an individual. They include, for example, business planning and development, and business management and general administrative services.

The definitions of treatment, payment and health care operations are so broad that they encompass most of the uses and disclosures of health information.

Under the amendments, hundreds of thousands of entities and individuals nationwide will be able to use and disclose identifiable health information without the patient’s consent or permission so long as they contend that they need it for a purpose related to treatment, payment and health care operations.

It is unlikely that any identifiable health information would be immune from use and disclosure without the patient’s consent under this standard.

Dilemmas for physician executives

The elimination of the right to medical privacy in the HIPAA regulations poses profound ethical and legal dilemmas for physician executives.

If the amendments to HIPAA are allowed to stand, the loss of consent will radically alter the physician-patient relationship and destroy the trust that patients must feel in order to share sensitive medical information.

If there is one thing in the over 1,500 pages of dense federal regulations that every patient will come to understand, it is the loss of the right of consent--that is, the right to control the use and disclosure of one’s own individual health information.

When patients realize neither they nor their treating physicians have the right to stop the flow of sensitive medical information out of doctor’s offices and other treatment sites, they will vote with their feet. They will avoid medical care for as long as possible, they will omit sensitive information or they will provide false information to try to protect themselves.

If the loss of medical privacy stands, it may also create a “black market” of completely private medical care for those few individuals who can afford it.

And finally, if this new federal doctrine eliminating the right to consent is not reversed, currently existing stronger medical privacy laws in every state will fall as industries that profit from access to identifiable medical information pressure each state legislature to eliminate the right of consent. Pressure to weaken existing privacy laws is already underway in Texas and Oregon.

In effect, the Hippocratic Oath - the foundation of medical ethics and the most important of all patients’ rights - has been rescinded by federal decree.

Privacy notices

The HIPAA regulations provide only a floor for patient privacy, not a ceiling. Most HIPAA attorneys have not advised clients, including institutions, health plans, hospitals, group and solo practice physicians, and other covered entities of the extent of their legal and ethical obligations under the HIPAA privacy rules.

They have neglected to inform clients that they are required to give patients notice about how to utilize greater medical privacy protections contained in state laws.

Furthermore, HIPAA specifies that physicians and health professionals should continue to use and follow the longstanding professional codes of ethics for their field or specialty and should develop privacy policies and notices in accordance with these traditional ethical principles.

Sample privacy notices were included as part of the basis for a lawsuit filed against HHS on April 10, 2003, in federal district court in Philadelphia, Pa. The lawsuit aims to overturn the amendments to HIPAA, which eliminate the right to consent. (See Citizens for Health v. Tommy G. Thompson, Secretary, US Dept of HHS, Calif. No. 03-2267 (E.D. Pa.))

As noted in the lawsuit, a review of three sample privacy notices found that patients were not being advised of the existence of more stringent state and common laws governing medical privacy that override the lesser federal protections in the HIPAA floor.

In each case, the privacy notices did not inform patients about how to exercise their rights to prevent access to their medical records under state statutory and common law.

For example, a privacy notice that simply states that “stricter state laws may provide greater protections for people with HIV or AIDS” does not fulfill the legal requirements of HIPAA. (See section 12 in Citizens for Health v. Tommy G. Thompson)

In drafting the HIPAA rule, HHS did not intend for each citizen to be forced to become an expert on the medical privacy statutes in his or her state. The rule requires the covered entities to fully inform patients of their rights under state and common law.

Physician executives may wish to obtain a legal review of any corporate or institutional privacy notices with the common defects described above, in order to be sure that they and their parent facility or employer does not incur liability for omitting required state-specific information about medical privacy laws and information about how patients can exercise their rights to protect their records under state statutory and common law.

Ethical questions

Physician executives are at the nexus of conflicting duties - duties to patients and duties to their employers or parent institutions. The amendments to HIPAA that eliminate the right of consent will add new and uncomfortable ethical and legal burdens.

Corporate legal and fiduciary responsibilities are clearly to shareholders. Physicians’ codes of ethics require physicians to put the needs of patients first.

Physician executives can provide ethical and legal guidance to corporations and institutions that view the right of consent as a barrier to treatment or research and do not know the state and common laws and ethical principles that physicians must uphold.

The perspective that physicians provide to employers and institutions can make the case for protecting privacy crystal clear. Without trust, patients will avoid any treatment or tests that have the potential for discrimination, job loss, or shame and embarrassment.

Without trust, they will distort or omit critical information. Then, not only will the quality and efficacy of their care be compromised, but also the accuracy of information in health databases will be corrupted and unreliable.

In the area of mental health, psychiatrists know from direct experience how far many patients and parents will go to protect their children or their jobs, or to hide or omit information to keep others from knowing intimate personal or family information. Patients would conceal crucial medical information if they knew it would be available on the Internet.

In fact, the U.S. Supreme Court recognized that effective psychotherapy cannot exist without an absolute guarantee of privacy.

In Jaffee v. Redmond (U.S. Supreme Court, 1996), justices rejected any balancing test to weigh the needs of private individuals or entities against the right of patients to have privacy. The court noted that it was in the best interests of the nation to have effective psychotherapy available for citizens, so they affirmed the absolute right to privacy of the communications between patient and psychotherapist in recognizing a therapist-patient privilege.

Physician executives may wish to consult with attorneys who specialize in health law if they are unclear about how to protect patient privacy, unclear about how to resolve conflicts between state and federal privacy laws and regulations, or unclear about how to resolve conflicts between legal and ethical duties as an employee or manager vs. duties as a physician.

State medical associations and state licensing boards may also provide legal advice and ethical advice about state and federal medical privacy laws.

Advocating for privacy

Physician executives can advocate with employers, institutions, Congress and government agencies to restore the right to consent and enact other privacy measures. The public strongly supports the right to the privacy of the most sensitive information that exists about them--their medical records.

No single approach to medical privacy can preserve such crucial rights. When the privacy rights of individuals are pitted against corporations and governmental agencies that want unfettered access to the most valuable personal information that exists, eternal vigilance is the only effective response.


* Citizens for Health v. Thompson, E.D., Pa., No. 2:03-CV-2264, 4/10/03; No. 72 HCDR 04/15/03

* Department of Health and Human Services, Office of the Secretary, 45 CFR Parts 160 and 164, “Federal Register”, Vol. 67 No. 157, Wednesday August 14, 2002, Rules and Regulations, p 53182-53273


* Humber, JM and Almeder RF (editors), Privacy and Health Care, Humana Press, Inc., Totowa, N.J., 2001.

* Hippocrates, “The Oath”, Hippocratic Writings, translated by J. Chadwick and W. N. Mann, Penguin Books, 1950

Barry K. Herman, MD, MMM, CPE, FACPE, a psychiatrist, is director, regional medical and research specialist at Pfizer, Inc. in Philadelphia, Pa. He can be reached by phone at 610-687-4354 or by e-mail at RockDoc50 at The opinions expressed by Dr. Herman do not necessarily reflect those of Pfizer, Inc. or its agents.

Deborah C. Peel, MD, is a psychiatrist and the president of the APPEALforPRIVACY foundation, past president of the Texas Society of Psychiatric Physicians, and a member of the Council of Advisors of the Michael Tigar Human Rights Center. She has testified before Congress and HHS. Her testimony on genetic privacy can be found at HERE. She can be reached by phone at 512-474-9995 or by e-mail at DPEELMD at



Posted by Elvis on 09/15/07 •
Section Privacy And Rights
View (0) comment(s) or add a new one
Printable viewLink to this article
Page 1 of 1 pages


Total page hits 12187989
Page rendered in 2.1877 seconds
40 queries executed
Debug mode is off
Total Entries: 3450
Total Comments: 339
Most Recent Entry: 11/21/2022 01:12 pm
Most Recent Comment on: 09/26/2021 05:03 pm
Total Logged in members: 0
Total guests: 9
Total anonymous users: 0
The most visitors ever was 172 on 12/25/2019 07:40 am

Email Us


Login | Register
Resumes | Members

In memory of the layed off workers of AT&T

Today's Diversion

There are three bombs. The first one is the atomic bomb, which disintegrates reality, the second one is the digital or computer bomb, which destroys the principle of reality itself - not the actual object - and rebuilds it, and finally the third bomb is the demographic one. - Albert Einstein


Advanced Search



December 2022
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31

Must Read

Most recent entries

RSS Feeds

CNN Top Stories

ARS Technica

External Links

Elvis Favorites

BLS and FRED Pages


Other Links

All Posts



Creative Commons License

Support Bloggers' Rights