The Health Insurance Portability & Accountability Act (HIPAA) was created in 1996 to protect patients and their privacy, and if you are in healthcare, you already know this and are familiar with what it means. With a goal to ensure that people could maintain health insurance between jobs, thus the “Portability” part of the name; along with a second, and critical goal, to address the “Accountability” of insurance to protect the confidentiality part of the patient information and data. This meant mandating standards of privacy for electrotonic protected health information (PHI) and data that was uniform when transmitted during the course of care. This all meant that health plans could not deny eligibility based on health status; medical conditions, mental illness, genetic information, disability and other evidence of insurability.
While it is obvious now that this law was necessary, let’s dig deeper into why this was so important. For example, if you were suffering from a mental disorder, you might avoid seeking treatment because it becomes “part of your record” and something that your future employer might see as a risk factor in hiring you. You may (and very likely) avoid treatment, not wanting to take that chance. With HIPAA, you could seek the proper treatment and keep it between you and your doctor.
Did COVID-19 Undo HIPAA?
With the onset of COVID-19, the Office for Civil Rights (OCR) had to relax these laws as we’ve discussed previously, but there seems to be one question that remains unclear, and that is: How much PHI should be shared?
The National Law Review recently discussed this question in greater detail, going over the cases that set precedent to other situations that were relevant. They used an example of the difference in New Jersey and California to show how different states were revealing the identifiable information publicly regarding COVID patients. New Jersey’s Health Commissioner created a narrative around the state’s first patient that gave out so much detail, it included hobbies, place of employment, marriage status, and even his other health diagnoses. On the opposite side of the nation in California, minute details of a person are not being released. This decision was based on the discrimination that could follow should a group be identified as testing positive. For example, some of the first cases were from ethnic individuals who had recently traveled to China and identifying them as such could have provided an unjustified reason to create bias or prejudice. Does HIPAA protect the privacy of the person or the place?
So how much information is actually necessary to share and to whom is it okay to share with? This is going to have to be more clearly outlined and defined, otherwise, as you can see, the spectrum is too broad to say that there is even some resemblance to the HIPAA that was in place pre-COVID.
As we progress through this pandemic and find the best way through it, we keep at the forefront of all decision making, what is the best way to protect the majority.