Many times people ask: Why do we need HIPAA?  Is HIPAA really necessary?  The short answer is yes, we do need HIPAA.  The reason we need HIPAA is that without it there would be no baseline for protecting patient privacy.

Your medical records shouldn’t be something that anyone can share or use for any purpose.  We have all heard of doctor-patient confidentiality.  It is something most people count on.  If you can’t share your most intimate secrets with your doctors then your treatment will likely be ineffective.  If your doctors aren’t told important parts of your personal information how can they treat the person as a whole?

Without some assurances that the information will be kept private many patients won’t share things with their doctors.  That only adds more issues to the already complex nature of diagnosis and treatment.  Even if patients do share the information, they should be able to have a high expectation of privacy.  Remember, doctor-patient confidentiality?

HIPAA For MSPs Why Do We Need HIPAA?
00:00:00 00:00:00

Why Do We Need HIPAA?

Because your right to privacy about your own health should be something you are allowed control. Your medical record tells more about you than most of the people you know will every know about you. That includes spouses and other family members, names, addresses, DOB, previous medical conditions, medications, family medical history, etc.

Why is all of that on the form?

Because your doctor needs to know these things in order to properly treat you.
– I had my tonsils out when I was 6, so if there are some in there now I want them to know they came back!
– Many conditions can be related to genetics so your family history may be very important.
– I need to share the details with my doctor and other healthcare providers that need it to properly treat me.
– Healthcare providers will always tell you they can not treat your problems if you don’t tell them everything that is going on.

Cybersecurity breaches are big data grabs

We have discussed the need for all businesses to worry about cybersecurity these days.  The National Cybersecurity Framework is a voluntary program, like HIPAA used to be before HITECH.  So, why do we need HIPAA?  Because the voluntary programs don’t work.  The vast majority of healthcare businesses out there are still not focused on HIPAA compliance even though it is no longer voluntary.

  • All businesses should be doing it now.
  • Fraud is huge – credit cards, false claims, false tax returns cost us billions.
  • We still don’t know how bad the Anthem breach will be on the 80 million of us in that breach.
  • Fraud cases – set up a fake clinic or buy a real one and then start filing claims for people which ends up in their insurance records.

All about identity theft

If I have enough information to be you, then you get my bills and my medical history. This can cause both financial and physical harm.

  • $44,000 hospital bill for surgery that never happened – takes years to clear it
    • ex-con used his ID to get surgery
  • WSJ article on medical identity theft (requires account creation)
    • Woman gets bills for hospital visit for treating a leg injury for her son
    • Her son had never been to that hospital and he hasn’t had a leg injury
    • Her son is 39 years old, lives with her, and has Down syndrome
    • She takes him to the hospital and shows them he never had the injury but it still took time to get them to stop billing them
      • Then the radiologist sent them to collections
      • Then they get one for the ER doctors
      • Then another bill from the hospital
      • His records now reflect a drug allergy and leg-injury he never had
  • 2006 Utah case meth baby
    • “Meth Teeth McGee” strolls out of the hospital and never looks back
    • $10,000 bill from the hospital
    • Finally got rid of it all when filed for bankruptcy
    • Still not sure if the baby’s records show her as the mom
    • More on the CBS News story
  • Liver transplant for $200,000 for a woman
  • Penis enlargement for one guy and his friend
  • Foot amputation – but I still have two feet

FTC Medical Identity Theft Site
Provides info on How to Correct Errors in Your Medical Records
Signs of Medical ID theft
– an EOB with procedures you never had
– a bill for medical services you didn’t receive
– a call from a debt collector about a medical debt you don’t owe
– medical collection notices on your credit report that you don’t recognize
– a notice from your health plan saying you reached your benefit limit
– a denial of insurance because your medical records show a condition you don’t have.
– and of course Social services calling to take away your kids

Still why do we need HIPAA?

Why do we need HIPAA.  We need HIPAA because:

  • people are stupid
  • people are mean
  • people are criminals
  • people can be careless

Without someone defining what and how to protect this information there are no rules at all. There would be even less opportunity to do something about it when someone invades your privacy or your information can’t be protected any longer.

  • Facebook post: “PPL WORLD WIDE,” “FRANCES … IS HPV POSITIVE!” “PLZ HELP EXPOSE THIS HOE!” – posted by patient care technician at a local hospital that used to be Frances’ friend. – the privacy officer sent a letter that they “looked into it”
  • Nurse snooped in the medical records of her nephew’s partner, learned that she had delivered a baby and had put the child up for adoption. She gave a printout to another family member, and the secret was announced at a family funeral.
  • Nursing home cases
    • Snapchat video of a resident sitting on a bedside portable toilet with her pants below her knees while laughing and singing.
    • Ohio, a nursing assistant recorded a video of residents lying in bed as they were coached to say, “I’m in love with the coco,” the lyrics of a gangster rap song (“coco” is slang for cocaine). Across a female resident’s chest was a banner that read, “Got these hoes trained.” It was shared on Snapchat. The woman had dementia but was a church secretary for 30 years.