Federal health privacy regulations, commonly known as the Health Insurance
Portability and Accountability Act (HIPAA) regulations, came into effect in
April 2003. Many clinicians and institutions have relied on consultants and
risk managers to tell them how to implement these regulations. Much of the
controversy and confusion over the HIPAA regulations concern so-called incidental
disclosures. Some interpretations of the privacy regulations would limit essential
communication and compromise good patient care. This article analyzes misconceptions
regarding what the regulations say about incidental disclosures and discusses
the reasons for such misunderstandings. Many misconceptions arise from gaps
in the regulations. These gaps are appropriately filled by professional judgment
informed by ethical guidelines. The communication should be necessary and
effective for good patient care, and the risks of a breach of confidentiality
should be proportional to the likely benefit for the patient’s care.
The alternative for communication should be impractical. We offer specific
recommendations to help physicians think through what incidental disclosures
in patient care are ethically permissible and what safeguards ought to be
taken. Physicians should work with risk managers and practice administrators
to develop policies that promote good communication in patient care, while
taking appropriate steps to protect patient privacy.
Lo B, Dornbrand L, Dubler NN. HIPAA and Patient Care: The Role for Professional Judgment. JAMA. 2005;293(14):1766–1771. doi:10.1001/jama.293.14.1766
Customize your JAMA Network experience by selecting one or more topics from the list below.
Create a personal account or sign in to: