FC: Mini-debate on HIPAA medical privacy law and journalists

From: Declan McCullagh (declanat_private)
Date: Wed Jul 16 2003 - 21:15:05 PDT

  • Next message: Declan McCullagh: "FC: Vault.com admits sending bulk unsolicited email: "It's not spam!""

    Previous Politech message:
    http://www.politechbot.com/p-04964.html
    
    ---
    
    From: "Richard M. Smith" <rmsat_private>
    To: <declanat_private>, <mfitzgeraldat_private>,
        "Richard M. Smith" <rmsat_private>
    Subject: RE: HIPAA medical privacy rule hinders reporting of Chicago  disaster
    Date: Wed, 16 Jul 2003 17:53:31 -0400
    
    Hi Declan,
    
    It sounds to me like HIPAA is working as it was designed to.  I'm
    shocked to learn from Mr. Fitzgerald that hospitals use to routinely
    give out the names and addresses of their patients to the press.  My
    expectation is that businesses should keep their customer lists
    confidential.  Especially businesses like doctors offices, hospitals,
    abortion clinics, banks, insunrance companies, etc.
    
    Mr. Fitzgerald's opinion piece also fails the "Why do I care" test.
    Just because someone is injured in an accident, I don't particular have
    to know their name.  I don't see why the lack of names of people who
    went to the hospital took away  from the reporting of this tragedy in
    Chicago.
    
    Perhaps next time, Mr. Fitzgerald can come up with a more compelling
    example for the "harms" of HIPAA, rather than complaining that reporters
    have to change a bit the way they do their jobs.
    
    Richard M. Smith
    http://www.ComputerBytesMan.com
    
    ---
    
    To: "Richard M. Smith" <rmsat_private>
    Cc: <declanat_private>, <mfitzgeraldat_private>,
        "Richard M. Smith" <rmsat_private>
    From: MFitzgeraldat_private
    Subject: RE: HIPAA medical privacy rule hinders reporting of Chicago  disaster
    Date: Wed, 16 Jul 2003 18:23:04 -0400
    
    Dear Mr. Smith,
           As I tried to point out in the piece, HIPAA burdens reporters, but
    the bigger issue is that it cheats readers by depriving them of the details
    that allow them to judge the veracity and relevance of a story. As you
    suggest all articles must be subject to a "Why should I care" test. Names
    are the reason you care. "Something happened to someone somewhere" is
    hardly a compelling story. But fill in the blanks with an event that
    interests you, a name that is familiar to you or a locality that is close
    to you, and you do care. Americans want these details because we sense that
    we would be less free if government withholds them from us--even if
    allegedly for our own good. It might interest you to know that among the
    responses I've gotten was e-mail from a hospital PR person who said she and
    her colleagues would welcome a repeal of the HIPAA rules because the
    information the media must now get from those not specifically covered by
    the act--cops, firefighters, paramedics--often is wildly exaggerated or
    distorted.
    
           Thanks for your serious response to the piece.
    Best,
    Mark Fitzgerald
    Editor at Large
    Editor & Publisher
    6505 W. Palatine
    Chicago, IL 60631
    773.792.3512
    773.792.3513 (fax)
    mfitzgeraldat_private
    
    ---
    
    Date: Wed, 16 Jul 2003 14:22:32 -0700
    From: Alan DeWitt
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) 
    Gecko/20030624
    X-Accept-Language: en-us, en
    MIME-Version: 1.0
    To: declanat_private
    Subject: Re: FC: HIPAA medical privacy rule hinders reporting of Chicago
      disaster
    
    Hi Declan:
    
    I am an IT worker who works under HIPAA rules, a free-press activist, and a 
    close relative of a person who died in a media-circus event. I think I am 
    well qualified to respond to this. Please feel free to post this to your 
    list, but withold my contact information.
    
    First, let me address the free press issue.
    
     > Though 57 partygoers were injured in the porch collapse,
     > Chicago readers learned the names of almost none of them because
     > reporters were unable to identify anyone treated at area hospitals,
     > unless those victims sought out the papers.
    
    Honestly, I fail to see how this example represents a bad thing.
    
    There is indeed a public interest in the release of aggregeate statistics 
    in the aftermath of an accident. For example, it may be useful for the 
    public to know that three men and two women were killed, fifteen had broken 
    legs and twenty had broken arms, etc. The HIPAA rules do not prevent a 
    hospital from releasing such statistics in aggregate or de-indentified 
    form. What HIPAA does prevent is the release of any personally-identifiable 
    health care information without the patient consent.
    
    There is no overwhelming public interest served by a newspaper publishing 
    the victims' names without their knowledge and consent. That is to say, 
    there is insufficient public interest in personally identifying the victims 
    to outweigh the privacy of the injured and their family.
    
    If the victim (or the victim's representative) consents to such disclosure, 
    then HIPAA does not stand in the way. If the hospital chooses to release 
    aggregate information (or specific information that does not indentify 
    particular patients) HIPAA does not stand in the way. But if the victim 
    does not consent, or is unable to consent, then HIPAA does what it was 
    designed to do: protects the patient's privacy.
    
    If you ever are involved in such an event, you will not regard this as a 
    bad result!
    
    As for the law itself, despite what you may have heard HIPAA is generally a 
    good, flexible, well-crafted law. To oversimplify it dramatically, HIPAA 
    demands  that a health care provider specify the ways in which it will 
    disclose personally-identifiable health information, and that the provider 
    stick to its own rules. That's it in a nutshell.
    
    Although bad implementations exist, this is not a problem with the law 
    itself. Think of it like ISO 9000: it is a standard set of guidelines to 
    produce a desired result, but the actual implementation is left to the 
    company adopting the standard. The implementation may be helpful to the 
    work, or it may be harmful... but it's not the fault of the standard 
    itself. The major difference is that adopting the ISO 9000 standard is 
    optional, whereas HIPAA is mandatory. I happen to work in a clinic that has 
    a very good implementation of HIPAA. Implemented properly, it is not very 
    burdesome to a medical practice, and the burdens it imposes are appropriate 
    and necessary.
    
    I hope this is helpful to your readers.
    
    -Alan
    
    ---
    
    Date: Thu, 17 Jul 2003 08:47:38 +1000
    From: grenville armitage <garmitageat_private>
    Organization: Centre for Advanced Internet Architectures, Swinburne 
    University of
      Technology
    To: declanat_private
    Subject: Re: FC: HIPAA medical privacy rule hinders reporting of 
    Chicagodisaster
    
    Declan McCullagh wrote:
    	[..]
     > Though 57 partygoers were injured in the porch collapse,
     > Chicago readers learned the names of almost none of them because reporters
     > were unable to identify anyone treated at area hospitals, unless those
     > victims sought out the papers.
    
    The solution presents itself right there. The media needs to begin asking
    the public to explicitly opt-in. Perhaps set up a "You can publicize my
    misfortune" database, along the lines of the federal "Do not call" database.
    
    See how well that goes over.
    
    cheers,
    gja
    -- 
    Grenville Armitage
    http://caia.swin.edu.au
    I come from a LAN downunder.
    
    ---
    
    Date: Wed, 16 Jul 2003 15:33:09 -0700
    From: Mike Banks Valentine <learnat_private>
    Reply-To: learnat_private
    Organization: WebSite101
    To: declanat_private
    Subject: Re: FC: HIPAA medical privacy rule hinders reporting of 
    Chicagodisaster
    
    Declan McCullagh wrote:
    
     > http://www.editorandpublisher.com/editorandpublisher/headlines/article_disp
     > lay.jsp?vnu_content_id=1933765
     >
     > JULY 16, 2003
     > New Medical Privacy Rule Is Bad Medicine for Press
     > Chicago Porch Collapse Illustrates Problems
    
    HIPAA is meant to protect patient privacy and the fact that reporters can't get
    names and contact information is certainly no problem to those patients.
    Readers don't remember those names listed in stories unless they know the
    person or the victim is a celebrity.
    
    I am a former photojournalist that experienced the hatred of families and
    victims of accidents when I showed up at construction accidents and vehicle
    wrecks. They universally wanted me OUT OF THERE when I showed up to do my job,
    take photographs and get names. I hated that my job required me to invade the
    privacy of victims of horrific accidents. Asking them names and getting contact
    info was hell.
    
    Ultimately I quit that job because of this issue.
    
    Why do we need those names in the public press, especially when victims most
    often don't want to be indentified? Surely there are witnesses willing to be
    identified who can answer more than "how did it feel when the balcony fell on
    your head?"
    
    Privacy is more important than tearful victims blubbering through their
    bandages about their injuries.
    
    Mike Banks Valentine
    http://PrivacyNotes.com
    --
    **FED UP With Email Harvesting SpamBots?**
    Click below to EMAIL me - Go ahead, click it!
    
    http://privacynotes.com/cgi-bin/M/msb.cgi?3
          It's an email link. No REALLY! Try it!
    
    Free Download here: http://tinyurl.com/gqsn
    
    ---
    
    Date: Wed, 16 Jul 2003 16:48:03 -0700
    To: declanat_private, politechat_private
    From: David Honig <dahonigat_private>
    Subject: Re: FC: HIPAA medical privacy rule hinders reporting of
       Chicago  disaster
    In-Reply-To: <5.2.1.1.0.20030716160324.04572ec0at_private>
    
    At 04:05 PM 7/16/03 -0400, Declan McCullagh wrote:
     >
     >JULY 16, 2003
     >New Medical Privacy Rule Is Bad Medicine for Press
     >Chicago Porch Collapse Illustrates Problems
     >
     >By Mark Fitzgerald
     >Certainly none of the Chicago hospitals were willing to risk releasing
     >information. Though 57 partygoers were injured in the porch collapse,
     >Chicago readers learned the names of almost none of them because reporters
     >were unable to identify anyone treated at area hospitals, unless those
     >victims sought out the papers.
    
    So the gripe is that the identities of victims was kept private?
    
    What if a reporter wants to interview AZT takers, former ECT
    patients, etc.  Should their names be given out freely?
    
    Reporters have no more rights than patients.
    
    ---
    
    Reply-To: jcbordenat_private
    X-Mailer: EarthLink MailBox 2003.3.84.0 (Windows)
    From: "Jerome Borden" <jcbordenat_private>
    To: "Declan McCullagh" <declanat_private>
    Subject: RE: FC: HIPAA medical privacy rule hinders reporting of 
    Chicagodisaster
    Date: Wed, 16 Jul 2003 21:07:28 -0600
    
    What, no Police Report???
    Surely, there is a "blotter" report somewhere.
    That used to be the way young "cub" reporters were broken in, covering the
    local booking stations and their blotters.
    
    Jerome from Layton
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    -------------------------------------------------------------------------
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Wed Jul 16 2003 - 23:46:00 PDT