FC: Mini-debate on HIPAA medical privacy law and journalists

[Declan McCullagh <declan () well com>]

Previous Politech message:
http://www.politechbot.com/p-04964.html

---

From: "Richard M. Smith" <rms () computerbytesman com>
To: <declan () well com>, <mfitzgerald () editorandpublisher com>,
   "Richard M. Smith" <rms () computerbytesman com>
Subject: RE: HIPAA medical privacy rule hinders reporting of Chicago  disaster
Date: Wed, 16 Jul 2003 17:53:31 -0400

Hi Declan,

It sounds to me like HIPAA is working as it was designed to.  I'm
shocked to learn from Mr. Fitzgerald that hospitals use to routinely
give out the names and addresses of their patients to the press.  My
expectation is that businesses should keep their customer lists
confidential.  Especially businesses like doctors offices, hospitals,
abortion clinics, banks, insunrance companies, etc.

Mr. Fitzgerald's opinion piece also fails the "Why do I care" test.
Just because someone is injured in an accident, I don't particular have
to know their name.  I don't see why the lack of names of people who
went to the hospital took away  from the reporting of this tragedy in
Chicago.

Perhaps next time, Mr. Fitzgerald can come up with a more compelling
example for the "harms" of HIPAA, rather than complaining that reporters
have to change a bit the way they do their jobs.

Richard M. Smith
http://www.ComputerBytesMan.com

---

To: "Richard M. Smith" <rms () computerbytesman com>
Cc: <declan () well com>, <mfitzgerald () editorandpublisher com>,
   "Richard M. Smith" <rms () computerbytesman com>
From: MFitzgerald () editorandpublisher com
Subject: RE: HIPAA medical privacy rule hinders reporting of Chicago  disaster
Date: Wed, 16 Jul 2003 18:23:04 -0400

Dear Mr. Smith,
      As I tried to point out in the piece, HIPAA burdens reporters, but
the bigger issue is that it cheats readers by depriving them of the details
that allow them to judge the veracity and relevance of a story. As you
suggest all articles must be subject to a "Why should I care" test. Names
are the reason you care. "Something happened to someone somewhere" is
hardly a compelling story. But fill in the blanks with an event that
interests you, a name that is familiar to you or a locality that is close
to you, and you do care. Americans want these details because we sense that
we would be less free if government withholds them from us--even if
allegedly for our own good. It might interest you to know that among the
responses I've gotten was e-mail from a hospital PR person who said she and
her colleagues would welcome a repeal of the HIPAA rules because the
information the media must now get from those not specifically covered by
the act--cops, firefighters, paramedics--often is wildly exaggerated or
distorted.

      Thanks for your serious response to the piece.
Best,
Mark Fitzgerald
Editor at Large
Editor & Publisher
6505 W. Palatine
Chicago, IL 60631
773.792.3512
773.792.3513 (fax)
mfitzgerald () editorandpublisher com

---

Date: Wed, 16 Jul 2003 14:22:32 -0700
From: Alan DeWitt
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) 
Gecko/20030624
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: declan () well com
Subject: Re: FC: HIPAA medical privacy rule hinders reporting of Chicago
 disaster

Hi Declan:

I am an IT worker who works under HIPAA rules, a free-press activist, and a 
close relative of a person who died in a media-circus event. I think I am 
well qualified to respond to this. Please feel free to post this to your 
list, but withold my contact information.

First, let me address the free press issue.

> Though 57 partygoers were injured in the porch collapse,
> Chicago readers learned the names of almost none of them because
> reporters were unable to identify anyone treated at area hospitals,
> unless those victims sought out the papers.

Honestly, I fail to see how this example represents a bad thing.

There is indeed a public interest in the release of aggregeate statistics 
in the aftermath of an accident. For example, it may be useful for the 
public to know that three men and two women were killed, fifteen had broken 
legs and twenty had broken arms, etc. The HIPAA rules do not prevent a 
hospital from releasing such statistics in aggregate or de-indentified 
form. What HIPAA does prevent is the release of any personally-identifiable 
health care information without the patient consent.

There is no overwhelming public interest served by a newspaper publishing 
the victims' names without their knowledge and consent. That is to say, 
there is insufficient public interest in personally identifying the victims 
to outweigh the privacy of the injured and their family.

If the victim (or the victim's representative) consents to such disclosure, 
then HIPAA does not stand in the way. If the hospital chooses to release 
aggregate information (or specific information that does not indentify 
particular patients) HIPAA does not stand in the way. But if the victim 
does not consent, or is unable to consent, then HIPAA does what it was 
designed to do: protects the patient's privacy.

If you ever are involved in such an event, you will not regard this as a 
bad result!

As for the law itself, despite what you may have heard HIPAA is generally a 
good, flexible, well-crafted law. To oversimplify it dramatically, HIPAA 
demands  that a health care provider specify the ways in which it will 
disclose personally-identifiable health information, and that the provider 
stick to its own rules. That's it in a nutshell.

Although bad implementations exist, this is not a problem with the law 
itself. Think of it like ISO 9000: it is a standard set of guidelines to 
produce a desired result, but the actual implementation is left to the 
company adopting the standard. The implementation may be helpful to the 
work, or it may be harmful... but it's not the fault of the standard 
itself. The major difference is that adopting the ISO 9000 standard is 
optional, whereas HIPAA is mandatory. I happen to work in a clinic that has 
a very good implementation of HIPAA. Implemented properly, it is not very 
burdesome to a medical practice, and the burdens it imposes are appropriate 
and necessary.

I hope this is helpful to your readers.

-Alan

---

Date: Thu, 17 Jul 2003 08:47:38 +1000
From: grenville armitage <garmitage () swin edu au>
Organization: Centre for Advanced Internet Architectures, Swinburne 
University of
 Technology
To: declan () well com
Subject: Re: FC: HIPAA medical privacy rule hinders reporting of 
Chicagodisaster

Declan McCullagh wrote:
        [..]
> Though 57 partygoers were injured in the porch collapse,
> Chicago readers learned the names of almost none of them because reporters
> were unable to identify anyone treated at area hospitals, unless those
> victims sought out the papers.

The solution presents itself right there. The media needs to begin asking
the public to explicitly opt-in. Perhaps set up a "You can publicize my
misfortune" database, along the lines of the federal "Do not call" database.

See how well that goes over.

cheers,
gja
--
Grenville Armitage
http://caia.swin.edu.au
I come from a LAN downunder.

---

Date: Wed, 16 Jul 2003 15:33:09 -0700
From: Mike Banks Valentine <learn () website101 com>
Reply-To: learn () website101 com
Organization: WebSite101
To: declan () well com
Subject: Re: FC: HIPAA medical privacy rule hinders reporting of 
Chicagodisaster

Declan McCullagh wrote:

> http://www.editorandpublisher.com/editorandpublisher/headlines/article_disp
> lay.jsp?vnu_content_id=1933765
>
> JULY 16, 2003
> New Medical Privacy Rule Is Bad Medicine for Press
> Chicago Porch Collapse Illustrates Problems

HIPAA is meant to protect patient privacy and the fact that reporters can't get
names and contact information is certainly no problem to those patients.
Readers don't remember those names listed in stories unless they know the
person or the victim is a celebrity.

I am a former photojournalist that experienced the hatred of families and
victims of accidents when I showed up at construction accidents and vehicle
wrecks. They universally wanted me OUT OF THERE when I showed up to do my job,
take photographs and get names. I hated that my job required me to invade the
privacy of victims of horrific accidents. Asking them names and getting contact
info was hell.

Ultimately I quit that job because of this issue.

Why do we need those names in the public press, especially when victims most
often don't want to be indentified? Surely there are witnesses willing to be
identified who can answer more than "how did it feel when the balcony fell on
your head?"

Privacy is more important than tearful victims blubbering through their
bandages about their injuries.

Mike Banks Valentine
http://PrivacyNotes.com
--
**FED UP With Email Harvesting SpamBots?**
Click below to EMAIL me - Go ahead, click it!

http://privacynotes.com/cgi-bin/M/msb.cgi?3
     It's an email link. No REALLY! Try it!

Free Download here: http://tinyurl.com/gqsn

---

Date: Wed, 16 Jul 2003 16:48:03 -0700
To: declan () well com, politech () politechbot com
From: David Honig <dahonig () cox net>
Subject: Re: FC: HIPAA medical privacy rule hinders reporting of
  Chicago  disaster
In-Reply-To: <5.2.1.1.0.20030716160324.04572ec0 () mail well com>

At 04:05 PM 7/16/03 -0400, Declan McCullagh wrote:
>
>JULY 16, 2003
>New Medical Privacy Rule Is Bad Medicine for Press
>Chicago Porch Collapse Illustrates Problems
>
>By Mark Fitzgerald
>Certainly none of the Chicago hospitals were willing to risk releasing
>information. Though 57 partygoers were injured in the porch collapse,
>Chicago readers learned the names of almost none of them because reporters
>were unable to identify anyone treated at area hospitals, unless those
>victims sought out the papers.

So the gripe is that the identities of victims was kept private?

What if a reporter wants to interview AZT takers, former ECT
patients, etc.  Should their names be given out freely?

Reporters have no more rights than patients.

---

Reply-To: jcborden () earthlink net
X-Mailer: EarthLink MailBox 2003.3.84.0 (Windows)
From: "Jerome Borden" <jcborden () earthlink net>
To: "Declan McCullagh" <declan () well com>
Subject: RE: FC: HIPAA medical privacy rule hinders reporting of 
Chicagodisaster
Date: Wed, 16 Jul 2003 21:07:28 -0600

What, no Police Report???
Surely, there is a "blotter" report somewhere.
That used to be the way young "cub" reporters were broken in, covering the
local booking stations and their blotters.

Jerome from Layton




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------