patrick.net

20 HIPAA HARMS

HIPAA permits your health records, tests, diagnoses, and doctor’s notes to be shared
between physicians and hospitals without your knowledge, making it nearly
impossible to get an unbiased second opinion. (§164.506)

HIPAA permits researchers and Big Data to use your medical and genetic information
for research without your knowledge or consent. (§164.512)

HIPAA permits 2.2 million entities to access your medical record information if the
entity holding your information decides to share it. (Federal Register, Vol. 75, No.
134, July 14, 2010 (see pages 40872, 40906, 40907, 40911)

HIPAA permits disclosure of your private health information for many different
purposes having nothing to do with your treatment. (§164.512 / “health care
operations”)

HIPAA does not allow you to restrict access to your health information. You may
request restrictions, but there is no obligation to honor your request. (§164.520)
Under HIPAA, physicians that refuse to follow government-standardized protocols for
treatment can be penalized. (§164.506 / Quality Measurement, PQRS, MIPS)

As a result of >50,000 public comments, HIPAA originally required patient consent for
sharing data for treatment, payment, and health care operations. In 2001, the
industry successfully lobbied to eliminate consent. (HIPAA Proposed Rule, 2002 –
Federal Register/Vol. 67, No. 59)

HIPAA permits health plans and the government to access private health information
without patient consent for many different purposes. (§164.512)

Hospitals can contact and share patient information with organ procurement
companies without the consent of you or your dying loved one. Companies can review
medical records and come to your hospital room without warning to seek organ
donation—unless a state law prohibits it. (§164.512)

“You can’t force a covered entity to give your data to someone you choose, and you
can’t stop them from giving it to someone they choose.” (David Brailer, former
National Health IT Coordinator, Healthcare IT News, May 1, 2015)

Patient information can be shared for public health and health oversight activities,
judicial and administrative proceedings, law enforcement purposes, and “research”
without your consent(§164.512)

The title of “Privacy Rule” misleads most state legislators who think HIPAA protects
privacy so they don’t enact stronger state medical privacy laws. (§160.202)

HIPAA allows those who hold medical information to share it with the government,
allowing government agencies to gather private patient data without consent.
Clinics and hospitals are not required to give you an accounting of most disclosures of
your information —unless state law requires it. (§164.528)

Patient data that is “deidentified” under the HIPAA deidentification standard or
provided as a “limited data set” could be reidentified, according to the U.S. Dept. of
Health and Human Services. (§164.528)

The federal HIPAA Administrative Simplification Regulation is 115 pages long and
contains over 67,000 words – yet “consent” is only mentioned 17 times, and rarely
about data-sharing.

“HIPAA is often described as a privacy rule. It is not. In fact, HIPAA is a disclosure
regulation, and it has effectively dismantled the longstanding moral and legal
tradition of patient confidentiality.” (Dr. Richard Sobel, Associate, Du Bois Institute,
Harvard University)

HIPAA allows research without patient consent despite only 1% of people being
comfortable with non-consensual research. (Wendy K. Mariner)

A 2010 Black Book survey of 12,900 consumers found that 87% of patients were
unwilling to divulge all their medical information and 89% reported withholding
information during visits with their provider.

Google’s “Project Nightingale’ collects data on millions of American using health
records provided by Ascension facilities in 21 states (HIPAA “health care operations"
and "business associate agreements”)