Although it was not the intent of the law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has been interpreted and misapplied as a barrier to communication with the very people who have a deep and often lifelong relationship with elderly patients and who will be responsible for managing or providing care in the community. When a family member asks almost any question relating to a family member’s care and treatment, this is what they too often are likely to hear: “I can’t tell you because of HIPAA.” End of conversation.
This is a misinterpretation of HIPAA. Here is what the Health and Human Services’ Office of Civil Rights, responsible for monitoring HIPAA, says: “The HIPAA Privacy Rule at 45 CFR 164.510(b) specifically permits covered entities to share information that is directly relevant to the involvement of a spouse, family members, friends, or other persons identified by a patient, in the patient’s care or payment for health care.” The only exception is if the patient objects.
There are an estimated 40-50 million family caregivers in the U.S. The unpaid labor of these relatives, partners, and friends is estimated to be worth $475 billion a year. They provide 80–90% of the long-term care in the community for an aging population with multiple chronic conditions, including Alzheimer’s disease and other dementias. Without this essential family support, these individuals would require nursing home care, which is not what they or their families want, and certainly would add enormous cost to an already strained system.
Health care currently focuses on encouraging patients and families to become more “engaged,” “activated,” and “self-reliant” in care. These efforts, as well as HIPAA itself, assume a competent adult patient, able to absorb complicated information and act on it. But many of the patients most at risk for poor outcomes and hospital readmissions—older adults with multiple chronic conditions, including cognitive deficits—are not able to become actively engaged.
Recently Dr. Harlan Krumholz described a “post-hospital syndrome,” a condition family carergivers know well. Even in ordinarily healthy and competent people, the experience of hospitalization itself, particularly a stay in an ICU, can create temporary lapses in cognitive function and independence. For elderly people who are already frail or confused, the problem is even worse. Dr. Peter Provonost of Johns Hopkins University says, “Patients in this state of mind are in no condition to understand discharge instructions such as how to keep wounds clean or when to take medications. It’s easy to see how the patient can quickly decline.” Yet hospital staff continue to say to a family caregiver, “I explained everything to your mother. Just ask her what to do.”
In 2012 the United Hospital Fund and the AARP Public Policy Institute collaborated on a national survey of family caregivers to determine the extent of the medical/nursing tasks they perform, how they learn to do these tasks, and who helps them. We found that nearly half (46%) of family caregivers were doing one or more medical/nursing tasks (defined as medication management of various kinds, wound care, monitoring medical equipment, or similarly demanding tasks), in addition to the personal care and household chores more usually associated with family caregiving. When asked who taught them, these caregivers typically responded, “I learned on my own.” In effect, they are care managers without portfolio.
When I talk to groups of caregivers and professionals, I often ask if anyone has had an experience with HIPAA. Invariably many hands are raised, and heads nod in agreement. I particularly remember one family caregiver, a big, burly detective who takes care of his father. He said, “It’s my job to get information from people who don’t want to talk to me. But when I come to the hospital and ask about my dad, I can’t get anyone to tell me what’s going on.” If he couldn’t jump over the HIPAA barrier, what chance do the rest of us, lacking his confidence and skills of persuasion, have?
It was with some chagrin that I recently found myself on the wrong side of the privacy law. My sister, who was in severe abdominal pain, asked me to accompany her to the Emergency Room of a major New York City medical center. We waited and waited and finally a triage nurse told my sister to follow her into a room. I got up to join her, but the nurse stood in my way, saying, “You can’t come with her. It’s a HIPAA rule.” My sister said, “But I want her with me.” No way. I should have insisted but I had learned from my long experience with my late husband that a family member who raises questions or challenges a nurse quickly gets labeled as a pest or an even nastier epithet, and I did not want to jeopardize my sister’s care. (She recovered and is fine, despite two very unpleasant days on a gurney in the ER corridor.)
Fears that an individual doctor or nurse can be sued for disclosing information are common but exaggerated. An individual who believes that protected health information has been inappropriately disclosed has no legal recourse under HIPAA other than a complaint to the Office of Civil Rights. Although HIPAA creates a right to privacy, there is no right to sue a doctor, nurse, or hospital. The individual can file a lawsuit under state law alleging violation of privacy, and would bear the burden of proving harm, but HIPAA would not be a factor. Some of the HIPAA violations that have resulted in staff being fired relate to theft of social security numbers or credit card numbers, which were crimes before HIPAA. Other violations have involved staff checking out their neighbors or ex-spouses information or a celebrity’s data. These are bad enough but they should not be confused with a daughter’s justifiable desire to know what kind of follow-up care her mother will need, especially if she is going to be the one expected to provide it.
While fears of being sued or fined are certainly prevalent, in my opinion the overriding reason HIPAA is used to cut off communication is that it serves as a convenient excuse not to talk to families or listen to what they know about the patient. If families are kept at arm’s length, the easier it is to avoid difficult conversations about prognosis or treatment options. With some exceptions, health care professionals are not well trained in or skilled at communicating with lay people—patients first of all but even more so their families. Families are welcomed in marketing material, not so much in hospital rooms.
Part of the reason HIPAA has been so misunderstood and misused is that it fits neatly into an already well established pattern of keeping family caregivers at arm’s length. Families ask questions. They want answers. If they are doing their job, they are good advocates for their family members. A law that limits sharing information offers a convenient but misguided rationale for withholding information.
Carol Levine, 78, is director of the Families and Health Care Project of the United Hospital Fund. She was awarded a MacArthur Foundation Fellowship in 1993 for her work in AIDS policy and ethics. This post is adapted from her testimony to the U.S. House of Representatives Committee on Energy and Commerce, Subcommittee on Oversight and Investigations on April 26, 2013. A video of the April 26 hearing can be seen here.