HIPAA Failure: Hospital Workers

If you work at a hospital or other health care system and rely on HIPAA to keep your medical records private from your employer and coworkers think hard before you seek care there.

My physician, who belongs to the same hospital medical staff as myself, recently recommended that I undergo a diagnostic procedure and possibly a surgical procedure. When the diagnostic department contacted me to schedule the procedure I contacted the “privacy officer” of Overlake Hospital, Marlene Tuttle, to ask whether I could restrict access to my electronic record to only those participating directly in my care. Her response did not reassure me:

“We do not restrict access to patients medical records as everyone has been trained and is aware to only access a record if they need to while performing their job.”

I contacted Sarah Brown at the Seattle Office for Civil Rights. Her response did not reassure me:

“Patients have the right to make a request for restriction to their PHI, but the entity is not obligated to honor the restriction.  You can make a request to be an “anonymous” patient  but that would simply mean that your name would not be included in the facility directory if you were to be admitted.”


“The rule is equally weak to everyone in this regard.  And every facility treats such requests for restriction differently by choice, not by regulatory requirement.”

If you work in health care, will you trust the administrators and your co workers to voluntarily refrain from accessing your record to satisfy their curiosity or for personal gain? I will, when pigs fly.

I am fortunate in that I can seek care through another system, but those living in smaller towns may have to sacrifice privacy to obtain care. Like so many laws crafted by ignorant, politically motivated legislators and bureaucrats HIPAA fails to deliver on its promises.

Daily Tweets

Notable Person: #BHCPOD
Phobia: #BNphobia

National Conference Tweetchats

2/26-3/2 AGPA
3/6-9 ANPA