HIPAA is an arguably well-intentioned privacy law that seems to yield nothing but “unintended” consequences. I put “unintended” in quotes because the consequences are often remarkably convenient, at least for those with power. I’m not sure you can call something that convenient “unintended.”
The problem has gotten so bad that even National Public Radio and the Pro Publica organization – hotbeds of bien pensant liberalism – have started to notice. This story, for example, could be mined for a host of dubious achievements in privacy law:
In the name of patient privacy, a security guard at a hospital in Springfield, MO., threatened a mother with jail for trying to take a photograph of her own son.
In the name of patient privacy, a Daytona Beach, FL., nursing home said it couldn’t cooperate with police investigating allegations of a possible rape against one of its residents.
In the name of patient privacy, the US Department of Veterans Affairs allegedly threatened or retaliated against employees who were trying to blow the whistle on agency wrongdoing.
When the federal Health Insurance Portability and Accountability Act passed in 1996, its laudable provisions included preventing patients’ medical information from being shared without their consent and other important privacy assurances.
But as a litany of recent examples show, HIPAA, as the law is commonly known, is open to misinterpretation — and sometimes provides cover for health institutions that are protecting their own interests, not patients’.
“Sometimes it’s really hard to tell whether people are just genuinely confused or misinformed, or whether they’re intentionally obfuscating,” said Deven McGraw, partner in the healthcare practice of Manatt, Phelps & Phillips and former director of the Health Privacy Project at the Center for Democracy & Technology.
At this point, we’ve seen a boatload of stories in which HIPAA produces stupid or bad results. The real question is whether there are any stories in which HIPAA has produced unequivocally good results – things that wouldn’t have happened without the law. Otherwise, we’re looking at a law passed to prevent nonexistent abuses that has become a source of abuse itself. In my view, that’s a recipe for repeal – and pretty much the story of most privacy law.