Is HIPAA Being Used To Harm - Not Help - Patients?

Wednesday, July 30, 2014

In a recent article for ProPublica, senior reporter Charles Ornstein examines three case studies of medical centers citing HIPAA - the 1996 law mean to protect patients - in ways that protect their own interests and privacy. Ornstein joins us to explain what HIPAA actually covers and explain what your rights are as a patient.


Charles Ornstein

Comments [10]

Yvonne from Park Slope, Brooklyn

My most negative experience with HIPAA was when my mother was in a nursing home and, due to staff shortages, anyone I explained smething to, when I came back the next day, had been "floarted" to another floor where the shortage was even greater.

HIPAA rgulations meant that if I wrote out what my mother needed and posted it on the wall, the post was taken down as a breach of confidentiality.

The result is that well meaning staff were killing her, literally, by giving her liquids that went straight to her lungs as the mechanism we all have that automatically sorts between breathing and swallowing, for my mother, was not working due to her Parkinsons.

Jul. 31 2014 11:51 AM

Pina78 - Yes MDs & other providers are allowed to charge for copies. It's usually done on a sliding rate scale with special provisions for Medicaid patients.

Until we get EU-style data protections, we are vulnerable not only on medical data, but all data. If we can capture control from Commercial users/collectors/sellers we can fight the pig in a poke "contract that "Terms of Use" by Google, Facebook & others use.

Yes, we should also improve on the EU personal data protections, but first we need to capture our data & our right to consent.

Jul. 30 2014 01:04 PM
Larry Romsted from Highland Park, NJ 08904


Today's discussion about HIPPA with Charles Ornstein missed one of the potentially most dangerous parts of the law, the part that does not protect our privacy, but permits release of medical information without our permission to: police, courts and administrations and the military. This part formally legalizes access. (I could not call, I was driving at the time.)

You can get what I think is a detailed and complete description of the provisions at:

45 CFR 164.512 - Uses and disclosures for which an authorization or opportunity to agree or object is not required.

I found this link at:

reference 29.

Whenever I sign a HIPPA form (to protect my privacy :) ) I write a note on the form that the doctors office cannot release my information without my permission. One doctor was honest enough to say he would do it anyway if asked by law enforcement. What penalty do doctors (and hospitals) face if they refuse?

I see this law as formalizing the routes for violating our privacy under certain (not all) conditions instead of protecting it.

Why does this matter? Because law enforcement, the military, and the courts do not always distinguish between legal free speech actions against government activity and criminal activity.

Larry Romsted

Jul. 30 2014 12:37 PM
Karen from NJ

A couple of years ago, I was dealing with my 89 year old mother's infectious disease doctor in Florida. Although she was clearly competent, she was fragile and nearly housebound, and I routinely conferred with her doctors. In speaking with this doctor's staff, I had questions about the treatment and their answers were not accurate. When it came time to start the lengthy series of IV infusions, the office manager said no one could talk to me because I was not authorized on Mom's HIPAA form. After Mom signed a new one, the doctor still would not speak with me. When I requested medical records, the manager said, "I spoke to your mother on the phone and she doesn't want the records" (I did get them). When I ran into the doctor nearly a year later, he insisted that the alleged phone call trumped the signed HIPAA form. I formally complained through the insurer, Medicare, OCR and even her congressman; no one went beyond accepting the doctor's allegation as true and sufficient.

Jul. 30 2014 12:12 PM
BK from Hoboken

I watched the entire video of the Missouri woman and must commend her on staying patient with the wannabe cop/hospital security guard. They even detained her. I certainly would not have reacted as patiently as she did. Hospitals and doctors are like taking your car to the mechanic- we don't know any better, how much this should cost, what we can expect or demand, etc. We all need to make sure that as patients we not only are entitled to our information but given how much we are paying as CUSTOMERS, we shouldn't have to beg and plead for a CD copy of the MRI we just got, etc.

Jul. 30 2014 11:53 AM
Confidential from White Plains

When my husband was released from White Plains hospital recently, a volunteer from our synagogue called me and said that she learned he had been discharged and did we need any help. When I asked how she knew this, she said that the hospital provides the volunteers with a daily or weekly list of all patients discharged who have listed themselves as Jewish on the hospital form. When I calls the legal counsel for the hospital to express my displeasure, he insisted that the hospital does not do this. As far as I know this still happens now.

Jul. 30 2014 11:48 AM
Peter Frishauf from Manhattan

My '05 take: Patients need access to THEIR data, and should be able to get it immediately after the encounter. Hospitals, especially, tend to make it inconvenient to get records. Ex: you get an x-ray or MRI. You should be given a DVD of the test on the spot, not forced to come back to institution, fill out a form, pay a fee, etc. IMO, many small practices are better at this than the big places. Follow the blog of e-patient Dave for lots or good infor on this:

Jul. 30 2014 11:36 AM
pina78 from Bayonne

Is it legal for doctors to charge for copies of medical records?

Jul. 30 2014 11:30 AM
Estelle from Brooklyn

When my husband spent two weeks in a hospital ICU, his medical changes were frequent and frequently devastating. I spent those weeks desperate to know the latest developments. Thanks to HIPAA, I was unable to get information any time I was not actually at his side in the hospital. My nights of waiting for news were full of unnecessary stress.

I began to think of HIPAA as secrecy, not privacy. I hate it!

Jul. 30 2014 11:09 AM
Amy from Manhattan

I'll be out (PT!) by the time this segment airs, but when I got out of the hospital/rehab after being run over almost 1-1/2 years ago. I had the worst time trying to get my records, esp. my x-rays & MRIs to dr's. for follow-up care. The hospital staff kept saying, "Just come & pick them up!" I didn't seem to occur to any of them that someone *just released from the hospital* might have some mobility problems. (It was 3 subway trains away, & I was using crutches & hadn't recovered much of my strength yet--healing takes a *lot* of energy--plus I was on heavy-duty painkillers.) You have to either go in person or have an immediate family member go, w/your ID. Supposedly you can go to the provider & fill out a release authorization that they can fax (hello? I thought it was the 21st century?) to the hospital, but everybody has a different version of the rules. Eventually (months later), I got my records faxed to my dr., but I was told by the hospital's imaging dept. that they mailed CDs (21st century?) to 2 dr's. & then to my home, & none of them ever arrived. The bureaucracy is unbelievable.

A friend told me that after being hospitalized for a cracked rib in Vermont, they handed him his records & images when he was discharged. Why can't they do that everywhere?

Jul. 30 2014 10:49 AM

Leave a Comment

Email addresses are required but never displayed.

Get the WNYC Morning Brief in your inbox.
We'll send you our top 5 stories every day, plus breaking news and weather.