Providers Safeguard Privacy, But Concerns do Linger

 By Jerry Seelig and Rick Cussigh

“This is the business we’ve chosen.”

We think often of the cautionary tale of the “Godfather’s” Moe Greene during our many years in the medical record business and most recently as patient care and consumer privacy ombudsmen for the U.S. Bankruptcy Court. When appointed as ombudsmen, it is our job to ensure that the continuum of care is preserved and that patient privacy is safeguarded at healthcare provider at its most unpredictable.

When we walk through the doors to do our job, we either witness the highlight reel of best practices, or catch patient privacy breaches as disturbing as that bullet Greene caught in his eye.

When the Health Insurance Portability and Accountability Act was enacted 15 years ago, few had any idea whether it would serve as healthcare’s version of omerta (the Mafia Code of Silence), or another ineffectual intrusion by the Feds. We also heard and still hear grumbling from doctors that all this medical record preservation and protection has brought innumerable new costs to their practices while their patients grumble about the extra burden of signing multiple HIPAA and other consent forms.

Fortunately, HIPAA works – much of the time. Most patients can rest safe at night knowing their medical history is both protected from prying eyes and accessible upon request. However, there have been just enough egregious violations to keep everyone on their toes. Among them:

In April 2007, a former administrative assistant at Ronald Reagan UCLA Medical Center was indicted by a federal grand jury for selling patient information to the National Enquirer. Sixty- eight current and former staff, including nine doctors, had been sneaking peeks at the records of famous patients. This is one of the most commonplace breeches: the celebrity admitted to the hospital and the staff unable to resist their prying eyes.

There are also the occasional reports of a health plan employee’s laptop that containing the medical records thousands of enrollees stolen from a car or storage medium with millions of records sent for destruction and lost in transit.

In virtually all of those cases, the staff has been caught and disciplined. Many have lost their jobs. Those who have sold medical records – such as the UCLA Healthcare employee and another at New York Presbyterian/Weill Cornell Medical Center – faced criminal prosecution.

The Health Information Technology for Economic and Clinical Health (HITECH) Act, the federal legislation that provides funding for providers to switch to electronic health records, also gives HIPAA a shot in the arm by expanding who is covered by HIPAA while setting very high fines for acts of omission. (Such as the lost laptops and responsible parties who ignored their HIPAA and omerta oaths) Many experts believe this will add the crucial level of security and financial penalties to ensure such incidents will become less common in the future.

Nevertheless, we fear that such incidents contribute to reluctance on the behalf of patients and caregivers to not fully participate in the process of dialogue, recording, and analysis needed to build and maintain the patient medical record. Such reluctance could prove potentially harmful down the line if crucial aspects of patient information were not conveyed by the patient or recorded by the caregiver. Compounding this is the fact that a complete patient record is already a logistical challenge to compile, given that multiple providers must often contribute their records to create a whole portrait of that patient’s medical history and overall health.

However, we do believe that providers and their colleagues who compile and keep track of medical records do a terrific job, even under the worst of circumstances. We’ll discuss that in detail next week.

Jerry Seelig and Rick Cussigh operate Seelig +Cussigh HCO LLC, a Culver City-based patient ombudsman firm.

Download PDF of article >

Originally published in: Payers & Providers – California Edition, Volume 3, Issue 8