Privacy-rule changes draw strong criticism
Privacy-rule changes draw strong criticism
Changes will not safeguard HIV patients
The importance of medical privacy protection was perhaps never made clearer than when the AIDS epidemic surfaced, and many people infected with the virus discovered that strangers had access to their private medical information. Fear of HIV disclosures without their consent often is cited as one of the primary reasons at-risk people refuse to be tested unless anonymous testing is available.
Then with the passage of the 1996 Health Insurance Portability and Accountability Act (HIPAA), a new privacy rule offered hope that all health care patients, including those infected with HIV, would have greater protections against undesirable medical disclosures.
This hope has been dampened in recent months as the Department of Health and Human Services (HHS) has issued proposed changes to the privacy rule that undermine many of its protections, according to HIV and privacy advocates, as well as members of Congress.
HHS, under President George W. Bush’s administration, has proposed to relax rules about obtaining privacy consent. Under the original privacy rule, health care providers would need to obtain an individual’s consent prior to using or disclosing protected health information for treatment, payment, and health care operations. HHS now proposes to eliminate the prior-consent requirement and substitute it with a good-faith notification.
"President Clinton did what he could, and now the pendulum swings backwards, and President Bush’s administration says the privacy regulations are too restrictive," says Scott Brawley, MSW, director of public policy for AIDS Action in Washington, DC.
AHA approval
On the other side of the issue, the American Hospital Association (AHA) of Chicago, applauds the administration’s changes, saying in an April 25 letter to HHS Secretary Tommy Thompson, that the switch from written privacy consent to privacy notification would eliminate barriers to care and redundant paperwork. The AHA says, in a prepared question-and-answer memo for hospitals, that patients’ rights still be protected even if they are not required to sign a written consent form for privacy. "Hospitals are still required to provide you with a written notice of their privacy practices (called a privacy notice’) that explains how hospitals are permitted to use your medical information," the Q&A memo states.
HIV and privacy advocates say the biggest problem with the proposed regulations and changes are the consent requirements because a privacy notice is not as strong a protection. "If we’re going to give people a right to privacy then they need to have real control over it," says Jeffrey Crowley, MPH, project director for the Institute for Health Care Research and Policy in Washington, DC. "Some people say there’s little difference between notice and consent, but I say there’s a huge difference," Crowley says. "Where someone has to be told and has to confirm to consent is different from a notice that anybody can argue they had given to a patient."
Harming patients
In an April 26, 2002, letter to HHS, Bill Thomas, chairman of the AHA committee on ways and means, and Rep. Nancy Johnson, chairman of the committee on ways and means’ subcommittee on health, wrote, "Patient care could have been seriously harmed if providers were required to obtain consent prior to treatment."
The AHA letter adds. "However, we are concerned that the requirement that providers make a good-faith effort to obtain written acknowledgement of a covered entity’s notice of privacy practices will be confusing for patients and lacks any meaningful confidentiality protection."
Thomas and Johnson continue to urge HHS to not implement the change and to simply require the notice to be provided without written acknowledgement.
In an April 26, 2002, letter to Thompson, signed by 16 members of Congress, the congressmen say that the administration has proposed several steps that would undermine privacy, including the elimination of the patient consent requirement for treatment, payment, and health care operations.
Other concerns the congressmen raise include:
- a marketing definition that would allow disclosure without permission by patients of their patient records for marketing activities;
- "public-health" disclosures that would give drug companies new access to patient records without patient permission;
- a loophole that will allow the disclosure of medical information to nonhealth care components by expanding the category of "covered entities."
Providers still will need to educate patients
Even under the existing privacy consent requirement, health care providers would need to educate patients about their rights, but at least consent would be required, Crowley says. "Because of ongoing discrimination faced by people with AIDS, these concerns could be more pronounced," Crowley says.
If HIV/AIDS patients have some paranoia about how their health information is being used, it’s probably because some serious breaches of privacy have become public knowledge. For example, the Lambda Legal Defense and Education Fund Inc. of New York City is representing a case that is being presented to the U.S. Supreme Court that involves job discrimination against an HIV-positive dental hygienist. While the court case doesn’t address the privacy issue, the entire case would never have occurred if it were not for the fact that the HIV patient’s doctor violated the man’s privacy.
"We’re representing Spencer Waddell, a dental hygienist who worked for Dental Associates in Atlanta. He went to his doctor, was given an HIV test, and he tested positive," explains Catherine A. Hanssens, JD, director of the AIDS Project for Lambda Legal Defense and Education Fund. "His personal physician took it upon himself to call, without Spencer’s knowledge or consent, Spencer’s employer to say that they had an employee who tested HIV-positive," Hanssens says.
"Mr. Waddell was a highly-regarded professional until the day he was found to be HIV-positive, and then his employer responded by giving him a choice between becoming a receptionist at half the salary or to get fired," Hanssens adds. "He chose not to work at the front desk, and we lost the case in district court and the court of appeals and now are asking the Supreme Court to look at the case." (Shortly before press time, the Supreme Court declined to review his case.) While Waddell has a separate action against the physician who violated his trust, any victory he receives there will do little to remedy the situation, Hanssens says.
A zero risk
The facts are, according to Centers for Disease Control and Prevention (CDC) guidelines, the risk of a dental hygienist transmitting HIV to dental patients is so theoretical that it’s practically a zero risk, Hanssens says. "You can’t put the genie back in the bottle," Hanssens notes. "This man lost his job, and he is now working for a dental clinic that treats only people with HIV, and he figures his options are over, so he’s going public to demonstrate the level of discrimination that people with HIV experience."
Fears of disclosure
Unfortunately, Waddell’s privacy breach is not an isolated case. There have been other instances of hospital receptionists, pharmacists, and other health care professionals who have gossiped about HIV patients, causing them problems at work and with their families, who may not have known their HIV status. And the privacy rule with its proposed changes will do little to alleviate fears of these sorts of disclosures, Crowley says. "Say you’re in a small town and you go into the hospital, and you don’t want your neighbor who is a nurse there to know you’re HIV-positive," Crowley speculates. "The initial privacy rule would allow you to make a request that you give your consent to share information, but you would like to make certain this nurse doesn’t see it."
The hospital would either accept or deny your request. But under the proposed consent changes, the hospital will merely give you notice of your privacy rights, and you may never have the opportunity to make such a request, Crowley says. "People who claim the consent requirement is too burdensome are overlooking the fact that right now we go in for health care and have to sign forms," Crowley says. "It can’t be too burdensome, because we’re already doing it."
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.