A New HIPAA-cratic Oath for Healthcare
Professionals:
On the
Questions of Privacy and Confidentiality
by
Patrick B. Kavanaugh, Ph.D.
Born on the Greek island of Kos in
the early 5thcentury BC, Hippocrates is widely considered to be the
Father of Medicine in the westernized cultures. Acknowledged as the first
physician to separate the discipline of medicine from religion, he believed
that diseases were caused by environmental factors, diet and living habits, not
a punishment inflicted by the gods. His therapeutic approach was based on the
healing power of nature in which, he believed, the body contains within itself
the power to rebalance and heal itself. His therapy focused on simply easing
this natural process.
Hippocrates taught and practiced a humble, passive and
respectful form of medicine. His Hippocratic Oath, a seminal document on the
ethics of medical practice, serves as a foundation for other similar oaths and
laws that define good medical practice and ethics, the cardinal principle of
which is,
Primum
non nocerum.
(First do no harm)
The Hippocratic Oath is taken by physicians,
physicians assistants, and other healthcare professionals upon entering their
respective professions. It is one of the oldest binding
documents in history. Written in antiquity, its principles are held sacred by
doctors to this day: treat the sick to the best of one's ability, preserve
patient privacy, teach the secrets of medicine to the next generation, and so
on. "The Oath of Hippocrates," holds the American Medical
Association's Code of Medical Ethics (1996 edition), "has remained in
Western civilization as an expression of ideal conduct for the physician."
In taking the Oath, each healthcare
professional pledges to practice medicine ethically and to the best of his or
her ability and judgment.
The oath speaks to a series of
professional ethical and moral standards of practice, not the least of which
pertains to the significance of privacy and confidentiality in the practice of
healthcare:
What I may see or hear in the
course of the treatment or even outside of the treatment in regard to the life
of men, which on no account one must spread abroad, I will keep to myself,
holding such things shameful to be spoken about.
—Translation
from the Greek by Ludwig Edelstein.
From
The Hippocratic Oath: Text,
Translation, and Interpretation, by Ludwig Edelstein. Baltimore: Johns Hopkins Press, 1943.
Since ancient times, the
foundational significance and necessity of privacy and confidentiality in the
physician-patient relationship has been recognized, appreciated and respected
in the healthcare professions and by society. With government and health-care
organizations demanding patient information as never before, however, how can a
physician, psychologist, or psychoanalyst maintain a patient's privacy? How can
he or she maintain a patient’s confidentiality in our highly technocratic -and
ruthlessly efficient- IT systems? Does the
cardinal principle, “Do no harm,” still apply to the healthcare practitioner
and setting in terms of the ethics of privacy and confidentiality? Has the
Hippocratic Oath transformed from an invaluable moral guide to a meaningless
relic, a pro forma ritual?
Unfortunately, the Hippocratic
Oath is being replaced by a more progressive and contemporary version: the
HIPPA-cratic Oath. While they might sound the same, there are profound and
far-reaching differences between the two.
The New HIPPA-cratic Oath
Passed in Congress with broad
bipartisan support, the privacy rules of the Health Insurance Portabiltity and
Accountability Act of 1996 (HIPAA) went into effect for most covered entities
some years ago. And the American
Association of Physicians and Surgeons (AAPS), among other groups, went to
court to protest HIPAA and the privacy provisions developed by the Department
of Health and Human Services (HHS). Based on their analysis of HIPPA and its
privacy provisions, AAPS wrote to the
HHS secretary,
In
a nutshell, we object to the way the rule gives greater rights of
access
to the government than to the patient himself ... There is no
justification
for permitting public health surveillance and dissemination
of
personal medical records.
The
American Association of Physician and Surgeons
And further, the AAPS warned the
HHS secretary in a separate letter that the regulations,
...would
have unintended consequences: the worst would be to enable
if
not guarantee wholesale invasions of privacy. We fully support the
effort
in Congress to repeal this work of the previous administration.”
The
American Association of Physician and Surgeons
Do the HIPAA privacy provisions
from HHS not protect patient privacy? In practice, the permitted uses and
disclosures of patient information under HIPAA are anything the government
authorizes - without patient
authorization. And, the Institute for Health Freedom, a nonpartisan think
tank in Washington D.C. that analyzes healthcare issues, made known its grave
concerns about the HIPAA privacy provisions. After studying the 1,200-page
regulation, president Sue Blevins said,
The rule does not provide true medical
privacy. Rather it actually
weakens
individuals’ ability to restrict access to their medical records.
defendyourprivacy.com:FAQ
With the HIPAA requirements, it appears that the
privacy and confidentiality of medical information is not solidly protected.
The HIPAA-cratic oath requires the entry of personal and private information
into a nationwide computer data-base from which it can be accessed by dozens of
governmental entities and agencies, thousands of bureaucrats, pharmaceutical
corporations, private insurance companies, police agencies, foreign government
officials, and others - without the
person’s consent. According to the AAPS’s analysis of HIPAA, this is what
happens to information in the HIPAA IT systems. Furthermore, the sharing of
records and information can take place for purposes that include: reporting
physical, sexual, and emotional abuse, health oversight activities, law
enforcement, judicial and administrative proceedings, organ procurement,
military and intelligence functions, workers compensation, healthcare research
projects, marketing health-related products and services, and providing the
data-base for health-related fund raising projects.
In many respects, the HIPPA-cratic Oath of
contemporary times has replaced the Hippocratic Oath of ancient times. And the
impersonal rules and regulations of the new HIPPA-cratic Oath provide for the
technocratic rationality that governs the use and dispersal of private,
personal, and confidential information. The industrialization and
de-professionalization of the healthcare professions continues unabated as the
healthcare reformation redefines the professional standards of the healthcare
professional according to its wisdoms, rationality, and values.
The New HIPAA-cratic Oath: Organized Psychology and
Psychoanalysis
With the enactment of HIPAA, there
has been a radical, dramatic, and disturbing shift in the nature of the
relationship between the government, various professional associations, and the
citizenry. Recent years have witnessed a ruptured break from the traditional commitment
of society to the individual and a
corresponding shift to the commitment to “the best interests of” the collective. Coupled with the more
recent passage of the Affordable Health Care Act of 2009 and its privacy
provisions, and the implementation of electronic medical records by various
hospitals and clinics, steps are taken towards the increased centralization of
authority and decision making power in various governmental entities regarding
issues of privacy and confidentiality, particularly as it pertains to physical
healthcare information gathered in the consulting room.
And, what about the profession and practice of
psychology and psychoanalysis in this changing healthcare matrix? Specifically,
what happens to confidential and private information in the “talking therapy”
of psychology and psychoanalysis? By history and politics, organized psychology
and psychoanalysis have allied themselves with the scientific vision of the
medical community, have identified themselves as healthcare professionals, and
have adopted the purpose and ethics of the physical healthcare professions. As
such, psychology and psychoanalysis respectively fall under the rules and
regulations of the new HIPPA-cratic Oath.
Strict confidentiality is the cornerstone of a
psychotherapeutic and psychoanalytic discourse. In The New Informants: The Betrayal of Confidentiality in Psychoanalysis
and Psychotherapy, Bollas and Sundelson (1996) assert that the practice of
observing therapeutic confidentiality is so riddled with exceptions that it has
all but disappeared in the analytic and psychological community. Their book
considers the disappearance of privacy in the therapeutic community and,
further, how this loss has been destructive to the integrity of both the
profession and practice psychotherapy and psychoanalysis. Consider if you will,
the various duties to warn, report, and medicate. The psychological
practitioner, psychoanalytic or otherwise, has the ethical duty and
responsibility to protect the patient from him or herself, protect society from
the patient, protect the patient from society, and protect the patient from the
unscrupulous practitioner – including him or herself. In many respects, the
practitioner is expected by ethics and law to function in loco parentis for those who consult with them.
What positions have the political and educational
institutions of psychology and psychoanalysis taken regarding HIPPA and other
such actions taken by congress? For the most part, the focus of our
professional associations has been on advancing new healthcare delivery
systems, developing empirically based “best practices” for the practice community,
outcome-based education for the learning community, and working towards the
seamless implementation of HIPPA, the Affordable Health Care Act (2009), and
electronic medical records. Apparently, it now takes a village of educrats,
bureaucrats, governmental agencies, and professional associations to mandate,
monitor and mediate matters of privacy and confidentiality.
One of the observations made in the AAPS’s
analysis of HIPAA is that most professional associations, consultants, seminar
producers, and lawyers neglect to advise physicians – and metaphysicians- of
the option of being a non-covered entity
under the HIPAA Act. And unfortunately, this seems to hold true in the
psychological community as well. HIPAA, for example, is talked about in terms
of how to be compliant as a covered
entity; the option of being a non-covered
entity is rarely mentioned, much less considered.
HIPAA-related information and questions presented to
the practice community through conferences and workshops are usually organized
around encouraging the practitioner’s compliance with the rules and regulations
of the new HIPPA-cratic Oath: Are you aware of the requirements mental health
professionals must meet to be HIPAA-compliant? Are you aware of the new
liability risks posed for mental health professionals by the HIPAA privacy
regulations for non-compliance? Are you aware of what the state or federal
penalties might be if the proper forms are not kept, or the wrong information
is released? and, Are you aware of how unforgiving the HHS might be if you are
not HIPAA-compliant and violations inadvertently occur?
It seems that considerable time, money, and effort
have been spent by our professional associations and organizations on the
question of becoming HIPAA-compliant rather than, as with the AAPS, protesting
those privacy rules and regulations that might compromise the privacy and
confidentiality of the therapeutic space. Very little resources, however, seem
to have been spent on critically assessing HIPPA’s impact on the practice and
profession of psychology or psychoanalysis.
More and more our professional associations seem too
willing to turn to the government to validate our standards of practice
(licensing laws), our bodies of knowledge(s) and outcome based educational
programs (national healthcare accreditation standards and licensing exams), and
our scientific view of people and outcome based treatments (EBT’s, DSM-IV and
the soon to be DSM-V). Regulations regulate; standards standardize; and,
institutions institutionalize.
The Hippocratic Oath is concerned with medical
practice and ethics. Are there any plans to survey the psychological or
psychoanalytical community to determine HIPPA’s impact on issues of
confidentiality and privacy on the therapeutic discourse? Is there any
opposition to the HIPPA or Affordable Health Care Act’s (2009) privacy rules by
our national or state associations or organizations? It seems rather
HIPAA-critical for our professional organizations to do otherwise as
confidentiality is the cornerstone of the therapeutic endeavor.
It might make it easier for people to consider
speaking with someone in a therapeutic discourse if her or his personal and
private information stays in the consulting room, unless she or he specifically
authorizes its release.
