All Things HITECH

All Things HITECH

1,782 members
  • Join

    When you join a group, other members will be able to see your profile and message you. The group logo will be visible on your profile unless you change that setting.

  • Information and settings

Have something to say? Join LinkedIn for free to participate in the conversation. When you join, you can comment and post your own discussions.


HIPAA myths get in the way of quality patient care.

CEO & President

As a patient or a relative of a patient in a hospital been told, "I can't tell you because HIPAA doesn't allow it"? Often times HIPAA does allow it but there is sometimes a fear on the part of what I would call "gatekeepers" (receptionists, staff at information desks, etc.) that they can't communicate anything about a patient. As an example, if the patient in the hospital has not opted out of the facility directory, there is no prohibition against telling the visiting friend or relative where the patient is in the hospital.

As a patient, I've also been told "you can't look at that because it's electronic" (that being my designated record set (DRS)). I was informed I needed to pay for a copy of my DRS but I could not request to view it which is in violation of my rights outlined in the HIPAA privacy rule. Training is very important and not only for compliance reasons.

  • Comment (2)
  • May 11, 2012
  • Close viewer


  • Robert Z.


    Robert Z.

    Partner, Information Technology and Risk Management Leader, Innovator, Entrepreneur

    Unfortunately, in the litigious world we live in, you can't blame organizations from shying away from giving access. How many doctor's and healthcare institutions have given their patients electronic access to their records. Very few. Sure there is fear of a breach. But there is also the great fear of the legal community and the ever present lawsuit. Tort reform anyone?

  • Chris A.


    Chris A.

    CEO & President

    One of the resulting findings from the Health Information Security & Privacy Collaborative project was that there is a significant amount of trust between health care providers and it had little to do with potential litigation. if the information sharing related to an emergency situation, health care providers were usually open about sharing. On the other hand, if it was a non-emergency situation, health care providers were very reluctant to share patient information.

    There are situations out there were concerns related to litigation and relate to a perception that the receiving provider has not implemented appropriate security safeguards. On the other hand there are also a fair number of providers out there who are concerned about another patient "skimming patients" or stealing them away from their practice.

    To me providers (and health plans) can implement more stringent privacy practices then required by HIPAA but I do object when those more stringent requirements are knowingly or unknowingly held out as 'HIPAA requires it" when it reality HIPAA does not.