Part 3: Uses and Disclosures (FAQ 57 of 65)

57. Are Disclosures for Treatment, Payment and Health Care Operations Okay?

At one level, yes. Health care is a complex business that represents a large chunk of America's economy. If you think about it, you may realize that major health care treatment and payment institutions are big businesses that engage in a wide variety of activities just like other businesses. Management and internal controls require access to some records. If we spent the time to list the comparable data-intensive activities engaged in by banks or governments, we would also find a long list of uses and disclosures of personal information that are, for better or worse, a routine part of those functions.

At one level, then, treatment, payment and health care operations (TPO) disclosures are routine. Just about all of the functions supported by TPO uses and disclosures went on before HIPAA, although few health professionals paid attention to them. Before HIPAA, if your consent was sought for the sharing of your records for these purposes -- and it frequently was not sought -- you weren't told any of the specifics. Doctors, hospitals, and insurers asked patients to consent to "any and all disclosures" without telling patients what that meant.

HIPAA eliminated the need for consent for TPO. A covered entity may still seek your consent, but this seems to happen rarely. It is easier to rely on the authority provided by the rule to justify use and disclosure. Some privacy advocates see the lack of consent as a great gap in privacy protection that removes any pretense of patient control over records.

SIDEBAR:

Before HIPAA, many health professionals thought that a patient's health record would only be disclosed with the patient's informed consent. However, what was called informed consent was typically neither informed nor consensual. You had no idea what you were signing, and you really didn't have much of a choice. Signing a consent form was a prerequisite to seeing the doctor or having the insurance company pay the bill. Patients -- especially those who were ill -- were not really able to focus on privacy. Almost everybody signed whatever form they were given without question. If a patient limited or modified an informed consent form, the changes were often not noticed or ignored.

Some experts recognize that it is difficult to expect patients -- often people who are sick, impaired, or worried about their children -- to be able to understand and control the complex use and disclosures of their records that have become part of health care activities. Would you prefer to be asked for your permission to disclose your records for dozens of different purposes? Could you really make a meaningful choice while suffering from the flu, undergoing chemotherapy, or worried about your nauseous child? Further, there is a limit to how much the health care system can cater to individual preferences. There is a cost involved.

Discussions about the proper role of consent for information use and disclosure in the health care process are ongoing. You are welcome to your side of this debate.

Part 3: Uses and Disclosures (FAQ 57 of 65)

57. Are Disclosures for Treatment, Payment and Health Care Operations Okay?

SIDEBAR:

Jump to list of FAQs 1-65 | See all of Part 3