The conversion of medical records from paper to digital held great promise: quick access to patient records, sharing of medical information, accuracy, and lower cost. But electronic data systems, by their very nature, are open to abuse. HIPAA was implemented to protect the privacy of personal health information. While protection is necessary, HIPAA has proven complicated, costly, and in fact a double edged sword.
Have you ever registered at a hospital or medical office prior to a procedure, heard again the familiar privacy questions, delivered the electronic signatures, and said (again) no I do not want printed versions of these statements? Annoying perhaps, but swiftly over. Though there are clearly certain medical records that should not be shared with certain other parties, the flip side is that information sharing is often key to effective treatment, both individually and on a global scale. Vaccine records are key to public health and should be in a global database. In a pandemic, access to pandemic related medical information is critical. A requirement of individual consent poses a significant roadblock to identification and implementation of processes that would best contain it. More generally, electronic medical records are of inestimable value to medical research, yet complying with HIPAA privacy rules — and additional federal and state regulations — often make data sharing legally and financially prohibitive.
We are all aware of the high and rising costs of medical care. What is HIPAA’s contribution to these costs? In a 2019 article in the journal Medical Economics, Dr. Kim-Lien Nguyen estimates the actual costs of HIPAA compliance at close to $8.3 billion a year, with each physician on average spending $35,000 annually for health information technology upkeep, costs which are likely passed onto patients. The true costs, however, are unknown and buried under layers of purportedly necessary bureaucracy. These costs do not account for the added stress inflicted upon healthcare clinicians and patients struggling to allow one another access to important and necessary healthcare information (it has not helped that electronic medical records systems have been burdened with providing billing information). Nguyen writes that HIPAA has impeded communication about risks to the public, contributed to inefficient care of patients by limiting physician communication, deterred medical research through the high costs of compliance, and stolen physician time from patients.
Overall, compliance with HIPAA privacy rules has contributed to unsustainably rising costs and impeded advances in healthcare. In a pandemic, its burdens become even more obvious and will continue to do so as vaccines become available. Drastic measures to simplify and correct impediments imposed by HIPAA are in order.