Send in the clowns.

As anyone in health care–or anyone who has received health care recently–knows, there are new federal privacy laws in place. These are referred to as HIPAA, for the federal legislation passed to insure portability in health insurance and privacy in health information. Well-intentioned and useful in many regards–it includes much-needed standardization of forms and electronic communication between providers and insurance carriers, for example–it nevertheless has caused significant changes in the way medical practices and hospitals handle patient privacy and health care information. And, as should be expected with massive federal legislation, there are, shall we say, some unintended consequences. I had the misfortune of falling into just such a snare recently.

Much of the surgery I perform is done on an outpatient basis–patients come in the day of surgery, have their procedure, and typically go home an hour or two later. In days past, prior to the implementation of HIPAA, when a patient reached the recovery room after surgery and became stable, their family was allowed into recovery to visit them. HIPAA did away with this practice, because of concerns that family would recognize another patient undergoing surgery that day, violating their privacy. Alternatively, the physician would go to the waiting area, and call out the patient’s name, in order to locate and talk with the family. This, as you can imagine, is a no-no now as well, but in practice it all worked quite nicely. Private rooms were always available when needed, when the news was bad, emotions high, or a long, detailed discussion required.

To eliminate the risks of accidently revealing confidential medical information or patient identity, a system of aliases was developed by our local hospital. Patients and their families were assigned a letter of the alphabet on admission, and a master sheet of patient names was given to the nursing staff and volunteers in the waiting area. So you were no longer Mr. Jones, but now were the letter “a”. As our ambulatory surgery suite is rather busy, families would go to double and triple letters if needed, such as “double-e” or “triple-m”. When the patient came out of surgery, the secretary in recovery room, who held the name-letter key, called the volunteers, giving them the name and the letter. The volunteers then announced the letter, the family, repsonded, and were placed in a private room to await the doctor. Nice, simple system, seemingly bulletproof … seemingly.

An elderly gentleman had surgical removal of a bladder cancer by me, using endoscopy–a common and generally uneventful surgery, which is often curative, as many bladder cancers are not very aggressive and can be totally removed by shaving them out of the bladder. After writing the postoperative orders and talking briefly with the partially-awake patient and his nurse, I headed out the the waiting area to talk with his family. They were waiting, as is customary, in the private conference room.

I introduced myself–not having met the patient’s family before (not an unusual circumstance)–and began to discuss his surgery. I reassured them that surgery had gone well, and that he had not had any problems with the procedure or anesthesia. They smiled and seemed relieved. I told them that I believed the cancer was totally removed, although the report from the pathologist several days later would provide the full answer. They were particularly pleased by this news, and seemed physically to relax a little. I advised them that this type of cancer tended to recur, and that he would need periodic scoping in the office to monitor for such an occurrence. They smiled, although seeming a little troubled by this thought (who wouldn’t be?). There smiles became more plastic, although I failed to notice the change. I then assured them that he would likely be stable enough to go home later in the day, without a bladder catheter.

The smiles froze, morphing into a look of pure confusion: “Home today?? We thought he was supposed to stay in the hospital for 4 or 5 days!”

That ghastly knot tied itself tightly, deep in the pit of my stomach, as the light switched on: “Yes–what surgery did you think he was having?” “He was having his colon removed.” Ooh-kaaay…how am I gonna talk myself outta this one?? I’ve been talking to the wrong patient’s family.

Fortunately, that proved easier than it could have been, due to the graciousness of the family with whom I was speaking. They even expressed their gratitude that my patient was doing well, and I wished them the best with their outcome. It could have been far, far worse.

It is not entirely farfetched that the wrong family could have gotten some very bad news not meant for them, which could have triggered difficult or dangerous actions: calls to other family members, decisions to fly from afar, hasty financial decisions, or at the very least a great deal of emotional trauma–not to mention legal implications, as lawsuits have been filed–and won–for less emotional trauma than this.

This is an excellent example of the Law of Rules: rules and laws passed to solve one problem have unintended consequences, which are not infrequently worse than the problem being solved. In this case, the problem solved was minor and infrequent: the possibility that someone might recognize another patient, or overhear some relatively sensitive health information. In my experience, most physicians were careful about such disclosure prior to HIPAA (although there were no doubt exceptions), and even should such disclosure occur, it would be hard to prove that harm comes from the majority of such breeches. The solution to what in my experience was a very minor problem has, and will continue to have, some very serious consequences.

The alias system which most health care facilities have implemented to comply with this law significantly increases the risk of patient identification errors, in my view. In the hospitals in which I work, patient names are no longer posted on a central board at the nursing station–only their initials. Consider the tired, busy nurse giving a medication to the patient in bed 102, Carrie Fisher (initials CF), who is a few rooms away from Carl Foobar (initials CF). Granted, checks and balances are in place–double checking patient, chart, medication, and patient’s armband, which has their name–but one simple and important check has been removed: the easy ability to identify a patient by name. Names are no longer posted on surgery schedule boards as well–it is not hard to imagine the disastrous outcome of an ID mishap here.

I am not dismissing the importance of patient privacy and the privacy of sensitive health information by any means; if anything, the importance of such protections has been underemphasized greatly in the past, and HIPAA addresses some serious issues. But far more detailed and sensitive information is allowed to flow freely under the same law: to your insurance carrier.

Both federal and private health insurers generally require a release of information to verify that services billed by providers have been appropriate and accurate. This means they may access, not just detailed diagnosis and service codes, but also the release of physician notes, operative reports, lab and pathology results–virtually everything about you in your health record, identified by name, SSN, birthdate, and other personal details. Insurance carriers are also required to protect this information, and no doubt make good efforts to comply–but they large bureaucracies, staffed by fallible–and occasionally nefarious–employees. I don’t know about you, but I’d rather have my neighbor accidentally overhear about my surgery results than to have every sensitive demographic and medical tidbit I own pass through the caring hands of the friendly insurance clerk who just loves to chat around the water cooler, and later tell her boyfriend about the fascinating patient she read about today.

So what’s the answer? I suspect we’re just going to have to live with this flawed legislation, since laws of this nature always get more detailed (laws to handle the problems the laws themselves created), rather than simpler with time. But if I were king (a scary thought, that), here’s what I would do:

• Dump the silly requirements that patients and their families be anonymous, unless they specifically request it; the risks outweigh the benefits. Move back to common sense, use patients’ names, perhaps leaving some censure for egregious violation of patient privacy.
• Require that all information passed to government and insurance companies be identified by a unique ID only, with no other patient identifying information. Insurance company employees could access personal data only on a “need to know” basis, with careful logging of all such access.

As for me, I’m going to make darn sure I know which family I’m reporting to.

UPDATE: Courtesy of a reader, I am alerted to my dysfunctional acronymania: Changed from HIPPA to HIPAA. Thanks.