HIPAA Mythology – Wait, Can I Say That?

“Knock, Knock.”       HIPAA Hippo                                                   “Who’s there?”                                              “HIPAA.”                                                                         “HIPAA who?”                                                  “I can’t tell you.”

A handful of events have disrupted our office over the past 25 years… tornados, snow storms, royal weddings and royal birth announcements… you know… the sort of stuff that distracts our staff from patient care for much of a given day. But being such a dedicated crew, they are back on task the next morning, as though nothing ever happened.

Leave it to our legislators to create a distraction that lasts for months. Thanks, HIPAA.

2500 years of our profession honoring a sacred oath has always seemed pretty clear. The kind of promise that stood the test of time. Simple and true.


Hippocrates, c. 460 BC – 370 BC:

“All that may come to my knowledge in the exercise of my profession or in daily commerce with men, which ought not to be spread abroad, I will keep secret and will never reveal.”

Legislators never saw a rule that they couldn’t make more complicated. Of course, they’re a little sensitive about this stuff because they’re not as good as physicians at keeping secrets.

There are plenty of rules in HIPAA. I advise that you follow every single one of them. Our local and national organizations have offered regional flavor to the HIPAA laws in an effort to make each rule even more enticing. And every bit of advice you ever get, including my own well intended comments, should be filtered by your attorney.

Attorneys really like to do that sort of thing. It offers them a distraction from all that other legal stuff they have to do. In fact, entire law firms have been established just to focus on HIPAA. It costs a lot of money to enforce these laws. But privacy is very complicated, just ask Hippocrates. He took a whole sentence to clarify it.

If this HIPAA law were made too simple, then consultants and attorneys might not be able to attend those fancy conferences, sign those big corporate protection contracts, and pay their many bills. And besides, can’t physicians just pass the expense on to patients?

There is so much in HIPAA to keep us busy. But as if that’s not enough, some folks are still adding their own interpretations to these rules. Some offices are actually adding more rules. Enough already, don’t make this harder for yourself.

Many of the “rules” that I hear physicians worry about are simply not in the HIPAA laws at all. Yet physicians, patients, and staff continue spreading anxiety about some rule that they fear might be violated. Offices become frozen by their fear of rules. If only my children would so broadly interpret rules… never mind, that’s a different blog.

       Here are five myths.     These rules are Not in HIPAA:

The answer for all of these is: Yes, you can.

1. You can’t have a patient sign in sheet.  Yes, you can. The sign in sheet is not a problem. Just don’t link a patient’s name with a reason for the visit.

2. You can’t call your patient by name.   Sure you can. You can call patients back by name, just don’t comment upon the reason for the visit. And BTW, address patients as Mr. or Mrs. whenever possible, or until they tell you otherwise. It’s still a courtesy in this part of the world.

3. You can’t place a chart or encounter form on an exam room door.  Yes, it’s ok to place a chart on the door. Just make sure no info beyond a name is readily seen. HIPAA requires that an office uses reasonable effort to protect privacy. (Like Hippocrates.) But patient sign in sheets, and charts on a door, are considered instrumental to the process of delivering healthcare. This doesn’t mean that staff should skip down the hall singing each patient’s name and diagnosis, even if it’s musical day. You have that day, don’t you?

4. You can’t leave an appointment message reminder on a voice mail or postcard.  Sure you can. Again, just don’t express the nature of the appointment or the reason for the visit, but you can say it’s time to come back to the clinic. This is another great marketing tool that improves healthcare. It’s called a courtesy reminder. There’s that word again.

5. You can’t allow the patient to bring a cell phone or laptop into the exam room. Heck yes, you can. The effort to prevent illegal recording of documents is important. Never leave records open or unsupervised. But you don’t have to be the cell phone police. Those long exam room waits get boring without angry birds and words with friends.

HIPAA rules can be challenging enough without over-reaching and stretching the guidelines. It is hard enough to follow the real rules. Sometimes the oldest rules are the strongest. And common courtesy is the rarest of all.

Just like Hippocrates.

Be sure to send me your own examples of HIPAA myths.

And don’t hesitate to bounce this stuff off your attorney. If lawyers get bored… they may write even more rules for us to over-interpret.

Guy L Culpepper, MD