Avoid misinterpreting HIPAA regulations

Don't deny access to people who are entitled to it

While her husband was sleeping, after a medical procedure, Elizabeth Hogue, Esq., picked up his chart, which was lying on a table in his hospital room.

A few minutes later, a nurse came into the room, took the chart and said, "You don't have a right to read that. HIPAA won't allow it."

"Actually, I'm his wife and I do have the right to read it. HIPAA doesn't prohibit it," replied Hogue, a Burtonsville, MD, attorney specializing in health care issues.

"Well, it's the director's policy," the nurse replied.

Hogue's experience is just one example of how HIPAA is being misinterpreted and patients and families are being alienated, Hogue says.

"Health care professionals are making big mistakes when it comes to HIPAA and these kinds of things shouldn't be happening. In this case, there were two problems concerning HIPAA: The chart was lying out there where anyone passing by could have read it and she was refusing me, as a relative, access to the information that I was entitled to have," she recalls.

Intent of the law

The Health Insurance Portability and Accountability Act of 1996 was intended to protect the privacy of patients' medical records and other individual identifiable medical information by limiting the way medical providers could share the information. It never was the intent of the law to deny information to patients' family members and significant others, Hogue points out.

"HIPAA has certainly had some unintended effects. The law was written to protect patients but there are a lot of misunderstandings that can be to the detriment of patients," she says.

Except for some technical issues with which providers have to comply, HIPAA generally incorporates the same practices that health care providers have used for years in regards to the release of information, Hogue says.

"Depending on the circumstances, health care providers can release almost any appropriate information, based on good common sense," Hogue adds.

Hogue advises case managers to have a copy of the HIPAA rule available so they can review it if they are confronted with an unusual situation and don't know how to handle it.

"Case managers must master the regulations despite their complexity. There is no substitute for a careful reading of the rule again whenever a question arises," she adds.

Use your common sense

Use your common sense when it comes to giving out patient information, Hogue says.

"The HIPAA rule says that patient information can be shared with family members as well as with significant others," she says.

Some health care providers have refused to give out information over the telephone, fearing they would violate HIPAA regulations, Hogue says. These instances can be particularly troubling when someone is checking on a loved one in another city, she says.

"If someone calls a case manager on the telephone to ask about a relative, the case manager could talk with them to elicit information that gives them a sense of comfort that the person is who they say they are or they could ask the person to fax some identification," Hogue suggests.

Another option would be to tell the caller you want to verify who they are and call them back, she adds.

(For more information, contact Elizabeth Hogue at ElizabethHogue@ElizabethHogue.net.)