PRIVACYnotes

HIPAA Medical Privacy Law and Journalism

Local journalists are adding their own post-mortem to the lawsuits and finger-pointing following the June 29 porch collapse at a Chicago apartment building in which 13 young adults were killed: A new federal medical privacy rule has undermined their ability to cover accident's by forbidding the disclosure of patient information that hospitals had released routinely.

The porch collapse was the first major accident story since patient-privacy regulations under the Health Insurance Portability and Accountability Act took effect on April 14. In this real-life test in Chicago, the rule proved every bit the hindrance to coverage that journalists had feared. Chicago's experience with this one accident underscores the problems newspaper editors everywhere will face sooner or later.

HIPAA, which was intended to give patients greater control over the release of their medical records, has wasted no time in become a nightmare for the press, says Ian Marquand, the Montana TV investigative reporter who unsuccessfully lobbied the federal government on behalf of the Society of Professional Journalists (SPJ) to include some reporting exceptions for news organizations. "Pretty much everything we said about HIPAA in the beginning and during the rule-making has come to pass," Marquand says.

Mini-debate on HIPAA medical privacy law and journalists

Subject: FC: Mini-debate on HIPAA medical privacy law and journalists
Date: Thu, 17 Jul 2003 00:15:05 -0400
To: politech@politechbot.com

Previous Politech message:
http://www.politechbot.com/p-04964.html
---
Date: Wed, 16 Jul 2003 17:53:31 -0400

Hi Declan,
It sounds to me like HIPAA is working as it was designed to. I'm shocked to learn from Mr. Fitzgerald that hospitals use to routinely give out the names and addresses of their patients to the press. My expectation is that businesses should keep their customer lists confidential. Especially businesses like doctors offices, hospitals, abortion clinics, banks, insunrance companies, etc.

Mr. Fitzgerald's opinion piece also fails the "Why do I care" test.

Just because someone is injured in an accident, I don't particular have to know their name. I don't see why the lack of names of people who went to the hospital took away from the reporting of this tragedy in Chicago.

Perhaps next time, Mr. Fitzgerald can come up with a more compelling example for the "harms" of HIPAA, rather than complaining that reporters have to change a bit the way they do their jobs.

Richard M. Smith
http://www.ComputerBytesMan.com
---


Subject: RE: HIPAA medical privacy rule hinders reporting of Chicago disaster
Date: Wed, 16 Jul 2003 18:23:04 -0400

Dear Mr. Smith,

As I tried to point out in the piece, HIPAA burdens reporters, but the bigger issue is that it cheats readers by depriving them of the details that allow them to judge the veracity and relevance of a story. As you suggest all articles must be subject to a "Why should I care" test. Names are the reason you care. "Something happened to someone somewhere" is hardly a compelling story. But fill in the blanks with an event that interests you, a name that is familiar to you or a locality that is close to you, and you do care.

Americans want these details because we sense that we would be less free if government withholds them from us--even if allegedly for our own good. It might interest you to know that among the responses I've gotten was e-mail from a hospital PR person who said she and her colleagues would welcome a repeal of the HIPAA rules because the information the media must now get from those not specifically covered by the act--cops, firefighters, paramedics--often is wildly exaggerated or distorted.

Thanks for your serious response to the piece.
Best,
Mark Fitzgerald
Editor at Large
Editor & Publisher
6505 W. Palatine
Chicago, IL 60631
773.792.3512
773.792.3513 (fax)
mfitzgerald@editorandpublisher.com
---


Subject: Re: FC: HIPAA medical privacy rule hinders reporting of Chicago
disaster

Hi Declan:

I am an IT worker who works under HIPAA rules, a free-press activist, and a close relative of a person who died in a media-circus event. I think I am well qualified to respond to this. Please feel free to post this to your list, but withold my contact information.

First, let me address the free press issue.

Though 57 partygoers were injured in the porch collapse, Chicago readers learned the names of almost none of them because reporters were unable to identify anyone treated at area hospitals, unless those victims sought out the papers.

Honestly, I fail to see how this example represents a bad thing.

There is indeed a public interest in the release of aggregeate statistics in the aftermath of an accident. For example, it may be useful for the public to know that three men and two women were killed, fifteen had broken legs and twenty had broken arms, etc. The HIPAA rules do not prevent a hospital from releasing such statistics in aggregate or de-indentified form. What HIPAA does prevent is the release of any personally-identifiable health care information without the patient consent.

There is no overwhelming public interest served by a newspaper publishing the victims' names without their knowledge and consent. That is to say, there is insufficient public interest in personally identifying the victims to outweigh the privacy of the injured and their family.

If the victim (or the victim's representative) consents to such disclosure, then HIPAA does not stand in the way. If the hospital chooses to release aggregate information (or specific information that does not indentify particular patients) HIPAA does not stand in the way. But if the victim does not consent, or is unable to consent, then HIPAA does what it was designed to do: protects the patient's privacy.

If you ever are involved in such an event, you will not regard this as a bad result!

As for the law itself, despite what you may have heard HIPAA is generally a good, flexible, well-crafted law. To oversimplify it dramatically, HIPAA demands that a health care provider specify the ways in which it will disclose personally-identifiable health information, and that the provider stick to its own rules. That's it in a nutshell.

Although bad implementations exist, this is not a problem with the law itself. Think of it like ISO 9000: it is a standard set of guidelines to produce a desired result, but the actual implementation is left to the company adopting the standard. The implementation may be helpful to the work, or it may be harmful... but it's not the fault of the standard itself. The major difference is that adopting the ISO 9000 standard is optional, whereas HIPAA is mandatory. I happen to work in a clinic that has a very good implementation of HIPAA. Implemented properly, it is not very burdesome to a medical practice, and the burdens it imposes are appropriate and necessary.

I hope this is helpful to your readers.
-Alan
---


Date: Thu, 17 Jul 2003 08:47:38 +1000
Organization: Centre for Advanced Internet Architectures
Swinburne University of Technology
Subject: Re: FC: HIPAA medical privacy rule hinders reporting of Chicago disaster

Though 57 partygoers were injured in the porch collapse, Chicago readers learned the names of almost none of them because reporters were unable to identify anyone treated at area hospitals, unless those victims sought out the papers.

The solution presents itself right there. The media needs to begin asking the public to explicitly opt-in. Perhaps set up a "You can publicize my misfortune" database, along the lines of the federal "Do not call" database.

See how well that goes over.
cheers,
gja
--
Grenville Armitage
http://caia.swin.edu.au
I come from a LAN downunder.


---
Date: Wed, 16 Jul 2003 15:33:09 -0700
Subject: Re: FC: HIPAA medical privacy rule hinders reporting of
Chicagodisaster

http://www.editorandpublisher.com/editorandpublisher/headlines/article_disp lay.jsp?vnu_content_id=1933765

JULY 16, 2003
New Medical Privacy Rule Is Bad Medicine for Press Chicago Porch Collapse Illustrates Problems

HIPAA is meant to protect patient privacy and the fact that reporters can't get names and contact information is certainly no problem to those patients. Readers don't remember those names listed in stories unless they know the person or the victim is a celebrity.

I am a former photojournalist that experienced the hatred of families and victims of accidents when I showed up at construction accidents and vehicle wrecks. They universally wanted me OUT OF THERE when I showed up to do my job, take photographs and get names. I hated that my job required me to invade the privacy of victims of horrific accidents. Asking them names and getting contact info was hell.

Ultimately I quit that job because of this issue.

Why do we need those names in the public press, especially when victims most often don't want to be indentified? Surely there are witnesses willing to be identified who can answer more than "how did it feel when the balcony fell on your head?"

Privacy is more important than tearful victims blubbering through their bandages about their injuries.

Mike Banks Valentine
http://PrivacyNotes.com
--


---
Date: Wed, 16 Jul 2003 16:48:03 -0700
Subject: Re: FC: HIPAA medical privacy rule hinders reporting of Chicago disaster

JULY 16, 2003
New Medical Privacy Rule Is Bad Medicine for Press Chicago Porch Collapse Illustrates Problems

By Mark Fitzgerald
Certainly none of the Chicago hospitals were willing to risk releasing information. Though 57 partygoers were injured in the porch collapse, Chicago readers learned the names of almost none of them because reporters were unable to identify anyone treated at area hospitals, unless those victims sought out the papers.

So the gripe is that the identities of victims was kept private?

What if a reporter wants to interview AZT takers, former ECT patients, etc. Should their names be given out freely?

Reporters have no more rights than patients.
---
What, no Police Report???
Surely, there is a "blotter" report somewhere.
That used to be the way young "cub" reporters were broken in, covering the local booking stations and their blotters.

Jerome from Layton

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------