Health Record Privacy Law Is Messing Up Research

Just days after a deputy director of national intelligence told Americans that we need to rethink our concepts of privacy, comes news that it may, in fact, be harming us in the long run. In a recent national survey, nearly 70% of research scientists said the 2003 Health Insurance Portability and Accountability Act (HIPAA) is “impeding scientific research, stalling clinical studies and halting others altogether.”

One of the big problems with HIPAA, they say, is it has increased the paperwork and legalese required to collect data, but done little to actually help protect patients: “The consent forms have become so long with the addition of HIPAA that subjects may not be understanding what they are agreeing to.”

Some databases are leaving out data that doesn’t meet HIPAA compliance, while some institutions are not even collecting certain types of potentially useful data because of HIPAA rules. This summer, the Institute of Medicine will make recommendations for “how to reduce the burden of HIPAA compliance on public health research.”

“Too much privacy? U.S. law makes research harder” [Reuters]
(Photo: Getty)


Edit Your Comment

  1. uricmu says:

    A research from the University of Pittsburgh, which runs The University of Pittsburgh Medical Center, Western PA’s biggest healthcare provider and a virtual monopoly thanks to its nonprofit status.

  2. speedwell (propagandist and secular snarkist) says:

    Tough titties. If my information is so valuable, they can compensate me for it. At least then I have some idea where it’s going.

  3. ideagirl says:

    This made me giggle…

    “… that doesn’t meat HIPAA compliance”

    It is late and I am easily amused.

  4. junkmail says:

    mmm… Hipaa meat

  5. uricmu says:

    It’s also a joke to ask the research scientists who of course don’t want to deal with the privacy hassle.

    I do research on how people work, which means I have to go through a long process of approval before I can get to sit in front of a consenting participant. Is it annoying? Yes. Is it important, yes? And you can’t compare that to medical info.

    If my subjects are informed of anything I want to do with their work, clearly medical patients are entitled to the same rights for their medical records.

  6. BigNutty says:

    Anywhere I go for medical care they force you to sign that stupid paper that says your privacy will be protected.

    What about the insurance companies? If you try to buy health or life insurance those companies make you sign a release so they can check on your medical history so what good is this privacy protection anyway?

  7. darious says:

    This is an interesting new spin on the current practice of using “public health” issues to shield unpopular and rights destroying laws.

  8. csdiego says:

    *shrug* So maybe the law needs tweaking, or maybe researchers have to jump through a few extra hoops. I’m still not convinced that we have too much privacy for our own good.

  9. Apotheo says:

    Wasn’t HIPAA supposed to “Improve efficiency in healthcare delivery” etc? I work for a smallish local hospital and hipaa is nothing but extra paperwork. Everyone is so hipaa paranoid that we can’t even put patient’s names on white boards any more. Its crazy.

  10. darkened says:

    I whole heartedly support hipaa. Cherish this and do not let anyone try to convince you it’s bad. If hipaa wasn’t there you wouldn’t want to imagine how bad it would be if the MIB had easier access to your medical records.

  11. Oh for God’s sake!

    “It is scaring people out of the field,” Fost, who wrote an editorial the problems of over-regulating of medical research, said in a telephone interview.

    That’s all it takes to get someone to quit doing medical research? A bunch of forms? All those years and dollars put towards higher education, all that work, and he expects me to believe that these people want to quit now because they have to ask permission to use the information first?

    I’d call him a whiner if I thought he believed the load of bull he was putting out there.

  12. @speedwell: ha! these yahoos don’t even want to compensate you if they find something patentable in your guts.

  13. speedwell (propagandist and secular snarkist) says:

    @Eyebrows McGee: I have an idea. Let’s make it an even trade. Each researcher who needs someone’s personal information should be obliged to surrender their own personal information to the person whose information they want. Subject to a confidentiality agreement, of course. (I crack me up.)

  14. Benstein says:

    This is such a load of complete crap. Why do they want my name associated with my medical condition? Can’t they collect there data without looking up WHO it belongs to? This is simply another sneaky way (aka Terrorism) to limit our rights and freedoms.

  15. DrGirlfriend says:

    @Apotheo: I agree that HIPAA has indeed made a lot of people highly paranoid. Especially in its early days, I was surprised at how much essential information insurance companies decided to not give out to me (I work with insurance at a hospital), information that is indeed okay to give out according to HIPAA, but they would cite HIPAA as the reason that they couldn’t give out the information.

    The cynical part of me thinks it’s insurances’ way of making it even harder to bill them – when they cite HIPAA, they expect you to stop asking questions immediately, because the fear of not being HIPAA-compliant is enough to strike terror in the hearts of many in healthcare. But what I think is more likely is that the law is unwieldy and very difficult to fully comprehend. So a lot of people err on the side of extreme caution, instead of having to take the time to wade through the ins and outs of HIPAA. In the end, I can see how that does impact healthcare, although I can’t speak for research.

    This is a law that has been made very big and scary, and in my opinion provides a marginal amount of privacy for patients that wasn’t already there before. It needs to be streamlined, because contrary to what some may think, going overboard with privacy can indeed be counterproductive. Because it’s not that they need to trace your personal information to your test results, for example, it’s that the fear that even the slightes bit of info may possibly reveal your middle name and 1st 2 digits of your SSN is enough to slow things down unnecessarily.

  16. brca1 says:

    I’m a researcher at a major southeastern university, primarily my lab deals with breast cancer genetics. Medical research is expensive, HIPPA just tacks on a little more expense. Here we have a whole department set-up to handle HIPPA compliance, not to mention Internal Review Boards that monitored everything you did pre-HIPPA. Additionally we have annual reviews about compliance. Overall it is probably a good thing, I have never had an instance where I was not able to get a piece of information that I needed for a study.

  17. sommere says:

    IMHO The problem isn’t that HIPPA forms are so long and complicated, it is that they don’t have checkboxes. When I go to the doctor’s office, I feel that I have to sign the form if I don’t strongly object. I never say “well, I’d be fine with my data being used for research” because I view the form as an all or nothing deal.

    (I also assume they will refuse to treat me if I don’t sign and it isn’t an emergency.)

    The length of the forms isn’t the problem, it is that it is binary. I can’t say “I don’t like that part.”

  18. othium says:

    Here in Minnesota, there is a flap over the collection of DNA samples from infants when they are born without the consent of the parents. I am of the opinion that privacy is important and research expenses do not justify it’s violation.


  19. azntg says:

    HIPAA is a double edged sword. As a private individual, I would sure as hell NOT want MY private information in virtual public domain. And I appreciate the fact that HIPAA provides a legal incentive to keep some private information private.

    But, as a researcher, HIPAA can more or less negate any gains made in research. The necessary paperwork and required procedures can be such a hassle that any potential for overall gain with minimal risks to the participants may as well have not been there in the first place. In the medical process, HIPAA can also potentially stall prompt and necessary actions because of misinterpretations and paperwork overload.

    So when it comes down to it, it’s damned if you do and damned if you don’t. Eh well, that’s life!

  20. FLConsumer says:

    Give me a break. HIPAA doesn’t really change a damn thing in terms of research. Any boob can walk into a hospital, find an unlocked computer terminal and find someone’s medical records. It’s not like HIPAA’s placed all of this data under lock & key, it just means people are now accountable for looking at medical records. No more of the non-clinical staff oogoling over the latest celebrity’s ER records.

    Even at that, I had a large university teaching hospital use my medical data, without my consent, as part of one of their studies. I only discovered it when some college student called me up saying there were with Dr such-and-such’s research group and wanted to ask me some questions about my symptoms, hospital stay and follow-up care. Say what?!? I did get ahold of a copy of the study, as well as the actual #’s used in the study, and sure enough, my data was in their study data despite me telling them I did NOT consent to such use. I find it very difficult to believe that some other patient out there would have the exact same blood labs & vital signs as are in my own copies of my medical records from that time.