New privacy regulation

I recently sent you an e-Alert about the new medical privacy regulation (“Orwell Redux” 4/14/03) and received a number of e-mails in response to one particular detail. An HSI member named Carlos sent a question that, in so many words, represents the others:

“I wanted to know if there is a specific statement within the new privacy regulation that addresses the issue of being assigned and referring to patients by a new medical ID number. My wife works for several doctors and apparently has not read or heard this.”

The same week I sent that e-Alert (and the same week that the new HIPAA regulation went into effect), I paid a visit to my doctor. I wasn’t given information about the new privacy rules, and I was called in from the waiting room by my name, not by my medical identification number. And to be honest, that didn’t surprise me. In the e-Alert I sent, I said, “Once you’ve received your new medical ID number, the receptionist may call you in from the waiting room by your number instead of your name.”

In other words, I meant to illustrate just one of the more superficial ways that protocols in doctors’ offices might change. I didn’t mean to imply that this was a strictly spelled out regulation that would be followed to the letter.

Many of the new procedures called for by the medical privacy regulation won’t be noticed by the average person paying a visit to their doctor – such as the requirement for encryption software that must be used for the transfer of private records. And while some of these measures will protect our privacy, many of them will simply add unnecessary constraints and paperwork that – according to government estimates – will cost healthcare providers, insurance companies, pharmacists, and hospital administrators as much as $4 billion dollars in order to comply.

As one HSI member (an insurance agent) wrote last week, “Who needs it?”

To Your Good Health,

Jenny Thompson
Health Sciences Institute