New laws protect patient privacy
April 14, 2003
When ski patrollers brought Daniel Morgan off Peak 9 in Breckenridge March 11, it was easy for local media or the public to obtain information about the Denver man’s injuries, status and prognosis.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has been enacted to ensure patients’ privacy. The final privacy rule became effective in April 2001, and all hospitals were to be in compliance with it by Monday, April 14.
The new rule will protect patients’ privacy by limiting the amount of information the media or the public can obtain about them from hospital personnel. A patient or next of kin can, however, choose to release information.
“We are going to have to work our way through it,” said Larry Wall, president of the Colorado Health and Hospital Association. “But we have a legal responsibility to do it. It’s the public, through Congress, that passed the law. The hospital has to protect the information.”
A bill currently being debated in the Colorado Senate would recognize state laws that are more stringent than those outlined under HIPAA.
Recommended Stories For You
Wall agreed the new rules will be frustrating for the media in particular.
“It’s interesting to know information about other people, but when it’s you, you may not want other people to know,” he said. “This certainly is going to be more restrictive.”
Thomas Kelley, a Denver attorney who represents the Colorado Press Association, calls the new laws “sweepingly overbroad.”
“The goal of privacy as to one’s medical condition is understandable and acceptable, but to forbid release of any information concerning one’s involvement in an event that may be of public interest simply goes too far,” he said. “This is one of the more troublesome information blocks erected in some time from the standpoint of the media.”
Local reporters say the new laws will prevent them from getting timely, accurate information out to people in the community.
“Whenever people see someone injured on the mountain or flown off in a helicopter, they deluge us with phone calls,” said Summit Daily News publisher Michael Bennett. “They’ll ask us if we had heard that someone was injured. Rumors will fly around town about how so-and-so is doing – or that they died – and if we can’t get the information, we can’t get them the story. We consider it our duty to let people know if something has happened to a member of our community. This will make it that much harder.”
Hospital personnel in Denver say it will make their job more difficult, as well, because they have spent years building relationships with radio, TV and print media.
In the past, if Flight For Life took an injured person to Denver, reporters could call for most of the information they needed. Such information included the patient’s name, age, hometown, extent of injuries and health status.
Now, unless the reporter has the patient’s name, hospital personnel can’t divulge any health information – not even confirm the patient is at that hospital – without risking a $50,000 fine and jail time. If the reporter has the name of the patient, public information officers then can only say if the patient is in good, fair, serious or critical condition. And if the patient has died, they can only release the time of death if the body is still at the hospital.
Reporters, they say, are going to hear a lot of “I can’t confirm or deny that information.”
At first glance, it appears this would eliminate the need for public information officers. But it might actually increase their workload as they track down patients or their relatives to obtain permission to release information, some hospital officials say.
Hospital personnel say it will take a lot of common sense and good taste to approach a grieving family member to ask that permission.
Other public agencies – notably police and fire departments – still must make their reports available to the public. However, the Colorado Springs Police Department is experimenting with adopting some, if not all, of the HIPAA regulations, Kelley said.
Ski areas, however, plan to comply with HIPAA regulations because they consider their ski patrollers to be health-care providers, said Mike Lee, public relations director for Keystone Resort.
“This was a concern of ours in my previous job,” said Lee, who was a news assignment editor for Channel 9 in Denver. “The difficult thing is, it’s the law.”
In Colorado, only a doctor or coroner is authorized to pronounce someone dead. If that death occurred on the slopes, ski area officials typically send out a press release to media and Colorado Ski Country USA (CSCUSA). Among many other things, CSCUSA tallies deaths related to snowriding accidents.
However, ski areas often classify a death differently than CSCUSA does, and the media often classifies a skier death differently than either the ski area or CSCUSA.
For instance, on Jan. 15, a Keystone employee suffered a seizure and fell from a lift, but he was working at the time – he was wearing tennis shoes and downloading from atop the mountain, Lee said. While CSCUSA counts his as a ski-related death, officials at the resort don’t.
Under HIPAA laws, Lee said he’s not sure if the ski officials will be allowed to report deaths to CSCUSA anymore. They plan to meet with various hospital representatives to determine how to address new regulations, including how skier deaths and injuries will be reported to both the media and CSCUSA.
“It’s a difficult subject for ski areas to deal with,” he said. “It’s not something we like to talk about, even amongst ourselves.