HIPAA at 30,000 feet/ October 22, 2010

At 30,000 feet cruising altitude on a four-hour direct flight between Seattle and NYC, my seatmate pulled out a two-inch sheath of papers, put them on her seat tray table and started writing on them. I was knitting and had my headphones on, trying to relax. I glanced down to see what she was working on and saw that they were patient charts. Individual progress notes complete with full names, dates of birth, addresses, insurance carriers, presenting complaints, physical exam findings, medications, diagnoses and treatments. I discovered all of that by small furtive glances past my knitting project. I tried not to look, but it is like trying not to look at an attractive person starting to undress in public. You know you shouldn’t be looking but it impossible not to.

My seatmate’s progress notes (along with the familiar blue and white billing/encounter forms) also had her name on them and the name and address of the clinic where she worked. From the range of patients she had seen, she must be a family physician. The clinic is outside of Seattle—sort of in the country. But still, I am fairly sure that she is aware of HIPAA and that it is rather odd (and I’d say unethical) behavior to be charting on an airplane. She worked on these charts for three hours, after which she laid her head back to rest, thought better of it and turned the top page over to cover the information. As if that took care of the patient confidentiality part of having just waived patient information under my nose for the past three hours? Oh yes. The other thing that I found fascinating is that all of the patient progress notes she worked on were from over a month ago. And it wasn’t like she had even made short notes already on the progress notes from (presumably) the day she had seen these patients. They were all blank except for the patient’s information and presenting complaint. Perhaps she has a good memory. Perhaps she was making it all up. Maybe she had had some sort of family emergency and hadn’t been able to chart on these people closer to the time she had seen them. But really, on an airplane?

I thought about saying something. I wondered if it’s possible to make a HIPAA citizen’s arrest at 30,000 feet. I did neither of course, and instead kept knitting and composing this blog post in my head. I kept wondering what all of those patients would think/say/do if they knew their personal health information—psoriasis, acne, domestic violence injuries among others—was being displayed on an airplane. I also thought about how it was likely her patients were from a low-income community clinic of some sort, since many of them had no insurance. Would a family doctor from a more upscale clinic be charting on paper progress notes on an airplane? I doubt it. So this leads me to wonder about the inequity even in the application of HIPAA and patient privacy in the US. HIPAA seems to be more about protecting the health care system than protecting individual patients—at least how it has been interpreted and applied. For instance, at a community clinic I recently worked at, the clinic administration decreed that we as providers could not provide patients or parents of children copies of their immunization record. At least we couldn’t give it to them the day they asked for it. Instead, they had to fill out/sign a record request form that went to medical records and presumably several weeks later they could come back to clinic and get their immunization record. When we questioned this, the clinic administration said it was “HIPAA rules.” As if.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s