Medical data is oftentimes accidentally leaked. Computer glitches can allow for unauthorized personnel to access private information. Sometimes a file is left out and picked up by a curious passerby. Seemingly small errors of judgment can result in a HIPAA privacy violation for hundreds, if not thousands of patients.
Intentional leaks of private information are even worse. A staff member treats a big name at a local medical facility and sells their medical information to a newspaper or magazine. Believe it or not, a relative of a medical worker stole a spreadsheet that contained patients’ contact info and contacted them to to tell them they were HIV positive as a joke. Some of these stories are disappointing to say the least.
The topic of privacy violations-whether intentional or not-raises an important question. Is there ever an instance that makes it OK be in violation of HIPAA rules? Is protecting patients privacy more important than anything else? Could there ever be an instance where harm could be caused to the patient or someone else if their info was kept private?
Let’s address a few things first. The examples given are unmistakably wrong and harmful to the victims in numerous ways. Often times HIPAA policy makes perfect sense and serves it’s purpose of safeguarding patient information. Personal financial gains should never be the result of exploiting someones medical information. In addition, spreading inaccurate information about someones health should never be done by anyone. That is clear. But what about some situations that may lie in the gray area?
How about for the safety of the public? Is it ever more safe for others to disclose an individuals health information? What about highly contagious diseases – should schools and workplaces be notified in order to protect others? HIPAA protects the privacy of that patient but what about the safety and health of those around him? Are those people less important?
What about the patient’s own safety and well-being? Medical staff have access to a large amount of personal info. According to HIPAA, he must keep that information private. What if a doctor is aware of a recent suicide attempt and thinks it would be beneficial to notify a family member to have them keep an eye on the patient and offer support? Is it better to guard the patient’s privacy or his life?
These are difficult questions to answer. But in a world that has become so obsessed with safeguarding the privacy of the individual, maybe it is time to stop and ask ourselves “Is there a downside to so much privacy?”