Considering the various privacy issues that have plagued this administration, most recently in the form of the whole NSA wiretapping debacle, what would make anyone think they'd give a damn about the privacy of anyone but themselves?

Since http://www.slashdot.org/ [slashdot.org] is read through out the world, I'd modify this story's title to read...

Medical Privacy Laws [in the USA] Highly Ineffectual

Slashdotters all over the world are smart enough to know that the problem with those medical records is largely a local problem. That is to say, it is a US problem and not a problem for the whole world. Here in Sweden, we have no such trouble.

Two problems. First, the ratio. It seems hard to believe that only two out of thousands were serious enough to prosecute. Secondly, more crucially, is the explanation given. It isn't that they've investigated the thousands of complaints and found that they don't warrant prosecution, it's that they want "voluntary compliance". Sorry, but that's stupid. The whole point of laws is that they're enforced. If you want people to play nice voluntarily then don't pass a law. If you pass a law then enforce it.

What "NSA wiretapping debacle" are you talking about? A debacle is when you are defeated. In the case of US Government spying on millions of its citizens, what happended is just that the news got out. Were they forced by public outcry to stop such activities, you could call it a debacle. But, for what I know (I'm not American, so maybe missed something) they didn't stop. US citizens lost, not the Government.

When scandals explode, it's too easy to think "Aha, they got caught! Now they HAVE to stop this!", but it's not always what actually happens. The fact that many Americans put so much faith in the power of free information speaks very well about the level of freedom and democracy they enjoyed until recently.

Thanks for the tried and true GOP talking points: First, there's no problem here, move along. Second, if there is a problem it is because of the Clintons (or "Clinton's", if you prefer). Nicely done. Your tax cut is in the mail.

Sure, I agree that there are reasons for HIPPA. I used to work at a firm that required HIPPA certification and I hold a current HIPPA cert. What is troublesome is how the HIPPA laws are used to either avoid dealing with things that are broken, or that they don't necessarily protect the so-called protected information. It could also lead to a person's death if not handled by someone that can bend the rules when the exceptions arise. That's what has me concerned - the lack of a plan for when things don't flow through the gates as expected. It has nothing to do with which adminstration is in power and everything to do with what makes logical sense. The way a hospital enforces HIPPA is broken - at least in my opinion from personal experience.

Most major health care organizations use outside auditors to look at privacy compliance. It is taken very, very seriouly by hospitals and the other organizations. My wife has dealt with the auditors at the ambulatory surgery center where she practices. They have made all kinds of nit-picky changes to their procedures, many of which make no sense. Example: when patients with dentures or retainers go in for surgery, they have to take the appliance out and it is placed in a plastic container of water. The container has a label from the medical records printout attached. After the patient leaves, procedure was to throw the empty plastic container in the medical waste bin for disposal by burning. The auditor demanded that they peel the label off after use and shred it.

My late father had to have an outside auditor survey his office in order to remain on the list of authorized providers at several major insurance companies.

The regulations are ambiguous as can be, so violations are going to happen until the appropriate practices are worked out.

According to HIPAA, at least as of a couple years ago, no privacy violation was too small. Including, say, a nurse coming to the waiting room and asking for "Mrs. Smith". After all, Mr. Jones sitting next to her would then know that woman's name. Instead, the only proper method for calling patients back to the treatment rooms is installing one of those "take a number" dispensers, then calling patients by number.

Never mind that we live in a small town where Mrs. Smith and Mr. Jones went to kindergarten together and come from families that have been here for 150 years. And forget that my wife is a podiatrist and that visiting her isn't inherently compromising (unlike, say, sitting in the lobby of a clinic for sexually transmitted diseases).

So, according to HIPAA, my wife is breaking the law each and every time she treats her patients like people instead of numbers. We haven't had a complaint yet and don't expect to, but could technically be busted for violating Mrs. Jones's privacy at any moment.

Well said. I've been practicing medicine for about 10 years, and I've seen my share of mishaps regarding privacy (even today). The hospital I currently work out of is very strict when it comes to privacy, and the punishments are, for the most part, pretty harsh. But violations, as I've said before, are handled first at a local level, ie the hospital administration, unless a lawsuit is filed. So punishments tend to be non-publicized, but are still appropriate. The public don't hear about remedies unless they're brought to the federal level, so this may skew the effectiveness of HIPAA regulations in general. I'm not sure about this, and I couldn't post any figures that may back this up, but it may be a reason why some think that HIPAA is ineffective. I can tell you that the regulations are confusing, and it HAS increased the cost and decreased the efficiency of the healthcare system in this country- a lot of extra work, paperwork, processing time....

Since no one has pointed it out yet, I should mention that HIPAA stands for the Health Information Portability and Accountability Act. It's the portability part that came first. The accountability part only came after privacy advocates objected. The main purpose of HIPAA was to make it easier to share data among care providers. The medical profession is much more spread out among different specialties and facilities than it ever was in the past.

One of the basic principals of HIPAA is that you can share data with anyone who is directly involved in the care of the patient and anyone who is responsible for billing for that care. I am involved with a clinical laboratory. We take samples from referring physicians, process them and give the results back. Many patients probably don't even realize that they are in our database. It seems to me that this is one of the weaknesses in HIPAA. You ought to have a right to know who has your data.

The principal of medical privacy is there to prevent anyone from avoiding treatment for fear that their information will get out. This not only applies to people with diseases which might have a social stigma but it also applies to a case like that of a criminal on the run. Such a person should not have to avoid medical treatment for fear of being tracked through medical records. This is tantamount to denying medical care. Doctors should not be part of law enforcement (of course that general principal is not absolute when you consider examples like child abuse). I wonder if the level of access by law enforcement to medical data may already be causing some people to avoid, or delay being tested for conditions.

HIPAA needs to to have a number of new provisions. You should be able to find out who has medical records on you, you should be able to get copies and have the original records deleted, or more likely anonymized since many laws require bulk reporting of the occurrence of certain diseases.

At my employer, as with many companies these days, the health insurance that's offered to employees has changed from a standard insurance provider like Blue Cross (just for example), to "Self-Insured", under the federal Employee Retirement Income Security Act, a.k.a., "ERISA".

What this means, besides the loss of virtually all state-mandated consumer protection in the area of medical reimbursement (because ERISA supercedes all that), is that now, instead of a 3rd party insurer getting my medical billing info, and keeping my employer at least an arm's length away from it, my employer gets to see it all.

So what's the point of "Medical Privacy Laws" if the information is specifically made available to the very people one would probably want to not have access to it?