Sound Medicine -- May 17, 2003
Special Edition: Sound Ethics

Hosts Barbara Lewis and Dr. Eric Meslin talk to physicians and researchers about:

Privacy in Clinical Medicine

HIPAA and Research

Explanation of HIPAA

HIPAA and Patient Confidentiality

Resources about HIPAA and Confidentiality

Real Media | Windows Media

Privacy in Clinical Medicine

The Health Insurance Portability And Accountability Act (HIPAA) is a sweeping set of federal regulations that went into affect last month. Its main goal is to ensure patient privacy. If you have recently visited your doctor, you may have received a pamphlet outlining your privacy rights. The slim pamphlet we patients receive are the end result of 500 pages of federal regulations outlining the change in how patients and their medical records are treated.

Internist Dr. Ann Zerr, co-director of the Center for Excellence in Women's Health at the Indiana University School of Medicine, describes the impact of HIPAA on privacy and confidentiality in clinical medicine. Because HIPAA ensures patients' confidentiality, information in a patient's file generally may not to be spread or used for purposes against those which the patient specifies. Consequently, it can sometimes be very challenging for physicians to follow a patient's directive and also act on his or her best interest, especially if the two issues conflict.

Patients' opinions of the HIPAA regulations run the gamut. Most patients trust their health system, and believe that their confidential information will be used appropriately. Nevertheless, there are some privacy issues that people do tend to worry about, such as insurance companies' learning of certain health conditions. Although privacy is certainly not a new issue, it is being discussed more frequently now.

Dr. Zerr reminds all heath care providers about the importance of respecting all patients' health issues. Medical professionals must look at billing systems and determine what insurance companies really need to know. Systems need to be examined, and we need to make sure that we really are acting on each patient's best behalf.

HIPAA and Research

Dr. Bill Tierney, professor of Medicine at Indiana School of Medicine and director of the General Internal Medicine division, discusses the impacts of HIPAA on research. Although most people may envision medical research being conducted in a clinic, much of it actually involves the analysis of medical records using computers and databases. It is possible to make the data used for these studies anonymous so that it cannot be traced back to individual people. Researchers look for patterns of diseases and symptoms, and look at health care systems. Therefore, they do not need patient identifying information.

One part of research that has been affected by HIPAA is the identification of patients. A researcher cannot simply open up a patient's records and seek the information he or she needs. Although, Dr. Tierney points out that before HIPAA, one could not do things like that anyway. Other issues to consider involve the profound impact of ethical and social concerns, because they may raise socially sensitive questions. For example, it could be socially or professionally stigmatizing to reveal a study subject's sexual preference, or whether he or she might have HIV or AIDS.

Ideally, HIPAA should strike a happy medium between making large amounts of information available, and at the same time also assuring patient confidentiality and minimizing the risk of information leaking out where it should not. Dr. Tierney mentions that data stored electronically is actually much more confidential than paper records. With an electronic record system, it is possible to control access to data, and also to track the people who see each bit of information. This is nearly impossible with paper records.

Explanation of HIPAA

Joe Scodro, from the University Council on the campus of Indiana University Purdue University Indianapolis (IUPUI), translates the HIPAA regulations into easier language to comprehend. He also discusses some common physicians' and researchers' objections to HIPAA, and imparts to us why new privacy rules were created.

HIPAA does have a provision to limit disclosed information to specific individuals in a particular method or manner. For example, a patient may want to limit doctors' correspondence so that doctors only speak directly with him or herself exclusively. HIPAA decrees that physicians must abide by these requests if they are reasonable. Indiana has always had doctor-patient confidentiality agreements, and patients could almost always ask doctors to limit communication. Subsequently, the provider would generally tend to honor the wishes of the patient. What if the patient is unable to make a sound decision on his or her own? Both HIPAA and Indiana laws prior to HIPAA make provisions that allow health care professionals to recognize if there is a circumstance that would allow a physician to go against a patient's wishes.

Since it appears that many previous laws already mandated what HIPAA was instigating, it is hard to understand what the original problem was that HIPAA attempts to solve. With the current world events, many people are concerned about security on a number of fronts. Federal laws try to protect privacy on several different levels. Both HIPPA and the existing previous laws strive to balance individuals' privacy and the good of the community in general.

View resources about HIPAA and confidentiality

HIPAA and Patient Confidentiality

Dr. Sandra Petronio, professor of Interpersonal, Family and Health Communication, is a highly acclaimed researcher in the area of communication and privacy. She is currently researching how health issues get communicated in families. Dr. Petronio is the author of Boundaries of Privacy; Dialectics of Disclosure, newly published by State of New York Press. It represents 20 years of research on how people manage their privacy.

Patient confidentiality in healthcare is very complex. People often believe that they own private information pertaining to them, and they want to control it. Privacy has always been valued in our culture, and in many medical situations, there is no clear answer to who should have access to what information, and everyone has a different view on how things should work.

Right now, many physicians are grappling with policies and implementation. One can ask people to sign legal documents, and explain the situation to them. However, unless a healthcare provider understands the way patients think about privacy, he or she will never have a clear way of implementing these types of regulations. For it to work, we really have to imagine ourselves in the minds of people and see where they stand on issues so that we can better figure out how to approach them. Dr. Petronio urges us not to put privacy on such a pedestal that we forget the problem that all these regulations are trying to solve; that is, how do we balance patient privacy and public health concerns?

View resources about HIPAA and confidentiality

Resources about HIPAA and Confidentiality

Websites and Online Resources

IUPUI's provisions for HIPAA

More information on what HIPAA means to you

Frequently Asked Questions about HIPAA

Books, Journal Articles and Non-Electronic Resources

Petronio, Sandra. Boundaries of Privacy: Dialectics of Disclosure. State University of New York Press, Albany, NY. 2002

Annas, George J. "HIPAA Regulations -- A New Era in Medical Record Privacy?" New England Journal of Medicine. 348, Vol 15, April 10, 2003: 1486-1490

Kilbridge, Peter. "The Cost of HIPAA Compliance". New England Journal of Medicine. 348, Vol 15, April 10, 2003: 1423-24

Siegler, Mark. "Confidentiality in Medicine -- A Decrepit Concept". New England Journal of Medicine 207, Vol 24. 1982: 518-21

Institute of Medicine. Protecting Data Privacy in Health Services Research. IOMNational Academy Press, 2000.[full text available at http://www.nap.edu]

Is there a medical topic you'd like us to cover? Reach us by email: soundmed@iu.edu
or by phone:
(317) 274-4848.

A long history of tension exists between public health authorities whose first duty is to report diseases that are considered threats to public health and physicians whose first duty is to protect patient privacy. Balancing these two is one of the challenges of medical ethicists. With which of the following diseases did this challenge for medical ethicists seriously begin?

A. HIV/AIDS
B. Bio-terrorism through anthrax
C .SARS
D. None of the above

Find out!

When medical students graduate, they take the Hippocratic Oath to pledge that they will practice medicine ethically. But medicine has come a long way from the ancient Greek world where this oath-taking ritual first originated. Has the advancement in medicine triggered any changes in the Hippocratic Oath as well?

Find out!

From the once simple view of medical ethics that required physicians to do no harm to their patients under the Hippocratic Oath, the practice of health care has advanced through research and treatment practices to raise new ethical questions in almost all areas of medicine.

In the 1950s, advancement in reproductive technologies raised the issues of morality of abortion, birth control and artificial insemination. In the 1960s and 1970s, prenatal diagnostic techniques such as genetic testing questioned the morality of terminating pregnancies on the basis of predicted disability of the baby.

Bioethics is also involved in issues of patient privacy, triggered by the rise in dangerous infectious diseases such as AIDS, and in balancing community safety with individual rights when patients with communicable diseases don't follow treatments or take necessary precautions.

Source: Bioethics.net