Part 1: Learning About HIPAA (FAQ 11 of 65)
11. Does HIPAA Protect Privacy?
This is a tough question to answer. Health care providers generally care about privacy, but health care providers have only some control over the records of their patients. Our complicated health care treatment and payment system places patient health information in the hands of many different providers, insurers, agencies, and others. Overall, we believe that the health care system mostly paid lip service to privacy before HIPAA. How many hospitals offered you a notice or privacy practices before HIPAA? How many trained their staff in privacy? How many told you that you had a right to see and copy your own records? Before HIPAA, active privacy policies were a rarity in health care. By this measure, HIPAA made some definite improvements.
Our health care system -- with third-party payors and lots of government involvement (e.g., Medicare); -- places many demands on health records. Everyone wants low-cost, high-quality health care for all. Achieving these objectives often affects privacy in negative ways. The trade-offs can be sharp. HIPAA is decidedly a mixed bag for privacy. It does good things and not-so-good things. It protects privacy rights and undermines those rights at the same time.
HIPAA gives each patient some rights. There are seven formal rights, not all of which are new everywhere. (See Part 3, Basic Patient Rights to learn more about the seven rights HIPAA gives patients). However, some of the new rights are not especially meaningful. HIPAA also permits many uses and disclosures of health records without the patient's consent. Many will find some of these uses and disclosures objectionable. A patient doesn't have the opportunity to control most uses or disclosures of his or her records.
If you just look at the disclosure provisions, then you might conclude that HIPAA allows many disclosures that you may not think are appropriate. For good or bad, many of those disclosures were routine before HIPAA. However, if you consider the overall state of privacy protections before HIPAA, you might see a marked improvement in many aspects of privacy today.
So does HIPAA protect privacy? Everyone is entitled to his or her own answer to this question. We prefer to say that HIPAA offers patients Fair Information Practices. (See FAQ 10.) Whether the implementation of Fair Information Practices in HIPAA meets your own standards for privacy is for you to say. Everyone has different privacy needs, preferences, and desires. The proper health privacy standards are subject to much debate.