HIPAA

[conuly]

That's ONE p and TWO a's.

I know, I know, you think intuitively that it should be the other way around, because that's how spelling works - but it's an acronym. Stands for "Health Insurance Portability and Accountability Act". One p. Two a's.

Comments

[malinaldarose]

One of my pet peeves.

[readerjane]

Plus, it makes me think of a hippo, so why couldn't they just have called it Health Insurance Portability and Privacy Act? So much easier.

[conuly]

Now you're bringing logic into this.

[siderea]

Because it isn't about privacy? Except in the negative sense. HIPAA is about limiting the public's legal expectations of medical privacy so that data can be Portable.

HIPAA bears not resemblance to what people think it is.

[delight]

That's what most people think it is! Which makes me want to shoot myself on a daily basis because it's a big part of my work.

It's all about portability, though. Privacy is kind of an afterthought, it's just what most laypeople interact with. We frequently have to yell "IT STANDS FOR PORTABILITY" when other clinics are giving us issues as regards integration (my job); we are SUPPOSED to be sharing information, and HIPAA creates a framework in which to operate that sharing. Because it is inherently focused on information sharing, privacy has to be a component, but privacy is the only part most of the world is exposed to.

And also frustrating clinic administrators who think everything under the sun is a violation. I pretty much have the law memorized (not word for word) and most of what they think is, er, isn't.

[siderea]

AND FOR ANOTHER THING...!

I would disagree about it being an afterthought. What HIPAA did to privacy was utterly the point, and absolutely deliberate. I believe because reasons but can't substaniate it was to head off the nascent data privacy activism movement arising among computer professionals (same activism that earlier gave us the EFF). Boy being simultaneously a computer security prof and a medical professional in the 00's was sure interesting.

[delight]

I actually completely agree with that; as usual your phrasing is just much better than mine. XD Privacy is a major component but not in the way I feel that most laypeople expect it to be (and a number of our therapists, who refuse to share ANY INFORMATION at ANY TIME with ANYONE even with signed consents, expect it to be). It doesn't mean that everything is secret always was more the aim I was going for.

Ever looked at AskReddit? The number of commenters who say people can't share vague, anonymized case stories "because HIPAA" are legion. Falls under the same thing as the therapist who won't let the PCP read session notes when the client signed a consent for them to do so.

[siderea]

Well, in fairness, you can't actually tell when a therapist refuses to share notes that it's because they don't understand HIPAA. I, uh, have played dumb about HIPAA to, uh, avoid unproductive arguments. "Can't. HIPAA." is probably my favorite excuse in the world.

And ~no PCP has any business in a therapist's notes. PCP should be corresponding with the therapist, and there needs, if at all possible, to be a therapy session with the patient, or at least a conversation, where the therapist discusses with the patient what their expectations of disclosure are, and how they feel about the therapist disclosing specific things, and also the therapist discussing with the patient their understanding of the risks of certain disclosures about which they may be unaware.

PCPs don't want to hear any of this, and they particularly do not want to hear about how I need to warn their patients about their EHR.

So, "Can't. HIPAA. motherfucker" it is.

[delight]

The client actually asked for the notes to be shared, which is how I ended up coming in -- integration stuff is voluntary, but only on the part of the client. If they want it, the providers are expected to comply. Said client also reads their own treatment notes, I believe, so they know what they're disclosing.

But I'll keep in mind for future that the therapists might be artfully playing dumb instead of misunderstanding. SO NOTED. :)

(The computer system, fwiw, records each case completely separately in such a way that the PCP would only be able to see a specific, authorized note -- not all of them. The only people who can get into the full charts are the therapists, psychiatrists, and sometimes me, but I don't need the freeform notes so I have never to my knowledge looked at them. Not my business.)

[silveradept]

Indeed. I have to over-pronounce the AA to remember the spelling.

[conuly]

hip AAAAAAAAAH!

[silveradept]

Which is what you yell whenever there's a data breach or mishandling.

[senmut]

I'm usually a bit more profane, both at my former employees and coworkers and clients.

If I am talking to a person over the phone about patient info, I should not ALSO be hearing that person's coworker on another call discussing another patient. And I keep running into this.

[ioplokon]

Still seems like a thoughtless choice on the part of the legislature. Could think not think of a backronym for HIPPA?

[conuly]

Nope.

[movingfinger]

Saw HIPA on a sheet at the doctor's.

The variations people come up with on DMCA drive me nuts, too.

[siderea]

So HIPAA is a topic that I want to write on, but haven't because I haven't been able to manage my temper adequately to be productive.

One version starts with thus:

Pop quiz! Which "P" in HIPPA stands for "Privacy"?

ETA: Working title: "HIPAA is a Fraud".

[conuly]

Best wishes that you'll be able to do that soon.

[zesty_pinto]

I worked in a lot of hospitals doing admin work, so HIPAA protocol was a common concern on our end. Oddly enough, I don't see it as much since I moved out of NY. I would have figured at least Boston would follow HIPAA, but maybe it's only referenced by people who are in the business practice, which I found a bit odd since I swear people in NYC actively mentioned HIPAA, at the very least to apply in other lines of work.