As an IT professional in a hospital I firmly say that a patient's actions should not be a way circumvent HIPAA. Now all the patient has to do is sign a release of information and specify what information is released.
While the hospital and its staff are obeying the law, they are really only using it as a curtain to hide behind (which is convenient for them). It would be interesting if Sara Cortes authorized some information to be released and see what the hospital really has to say.
Should patient-doctor privacy policies be a two-way street?
That question rattles around my head after reading Michael Krigsman’s account of Sarah Cortes, a patient that Twittered through a hospital consultation in rural Pennsylvania.
Krigsman writes:
Technology writer and blogger, Sarah Cortes, went by ambulance to Robert Packer Hospital, a facility located in rural Pennsylvania, after she suffered a serious spinal fracture. The story takes an unusual turn because Cortes says Twitter helped her escape from the clutches of hospital staff whom, she claims, tried to intimidate and coerce her into accepting unnecessary spinal surgery.
The account gets into details of Cortes’ stay quickly. The rub: Robert Packer Hospital can’t really respond much to Cortes’ take due to the Health Insurance Portability and Accountability Act (HIPAA), which is partially designed to keep information private. As a result, you have a one-way account of Cortes’ stay. Doctors can’t talk. The hospital can’t talk. Nurses can’t say what happened.
The hospital cited HIPAA in its thin response to Cortes’ claims. Here’s the question: Should privacy procedures be waived by a patient’s actions, say updating Twitter or Facebook during a surgery?
It’s unclear, but as Krigsman notes the boundaries for standard operating procedures are falling due to new technologies. Nevertheless, I’d like to see a point-by-point rebuttal from the hospital to Cortes’ allegations. Transparency should be both ways.
