5:29 PM hippa law | ||||
#Claims That Obamacare Website Violates Health Privacy Reveals Embarrassing Fact-GOP Does Not Understand HIPAA Or Obamacare (Image credit: Getty Images via @daylife) If you happened to catch yesterday’s House Energy and Commerce Committee hearings on the failures and foibles of the Obamacare website launch—or as New Jersey Democrat Frank Palone so aptly named the proceedings, “the monkey court”— you heard Congressman Joe Barton (R-TX) argue that a line of source code embedded in the software that operates the website violates the Health Insurance Portability and Accountability Act of 1996, better know as HIPAA, and infringes on our medical privacy rights. While grilling Cheryl Campbell of CGI Federal—the key contractor responsible for building the Healthcare.gov website—Barton bellowed, “How in the world can this website be HIPAA-compliant when HIPAA is designed to protect the patient’s privacy?” Barton continued to hammer the woman–who probably doesn’t know a HIPAA from a hippo—adding, “You know it’s not HIPAA-compliant; admit it. You’re under oath. Your company is the company that put this together. We’re telling every American … that you sign up for this or even attempt to, you have no expectation of privacy. That is a direct contradiction of HIPAA and you know it.” While Ms. Campbell consistently responded that the website did not violate HIPAA requirements, Rep. Barton wasn’t interested in anything resembling facts. It was exactly the sort of ignorant performance we’ve come to expect from so many GOP Members of Congress based on their theory that when you don’t know the facts or understand the law, it is best to bang your shoe on the table loudly and hope that someone just might pay attention to you. In this instance, no matter how hard Barton bangs or barks, it will not make his argument any better when it comes to the real world where those of us who are not Members of the House GOP caucus live. It will also not protect Mr. Barton from being exposed as either a completely dishonest participant in the hearings or, put simply, wholly and completely ignorant of the law he sought to use to make his point. For starters, Congressman Barton, it might pain you to know that the HIPAA law doesn’t even apply to the healthcare.gov website! In order to be subject to the HIPAA law, individuals, organizations and agencies—and their respective business associates (ie. insurance agents, outside business assistance, etc.)—must meet the law’s definition of a “covered entity” which includes the following three categories:
Is anyone prepared to argue that the Healthcare.gov website is a health care provider as the same is clearly defined above?
For anyone who would like to argue that the subsidies included for some in Obamacare equate to a government program that pays for health care (someone tried this on me earlier), sorry, but that dog won’t hunt. The subsidies are contributions to the premium charges of a health plan that pays for your health care-not a direct payment for your health care as required by the law for covered entities. If the Obamacare exchanges were making direct payments for medical services provided to patients, as Medicare does, then the argument could be made that Healthcare.gov might be subject to the requirements of HIPAA. However, the government simply and clearly does not make such direct payments via the Healthcare.gov website nor does it make any such payments as a result of the Affordable Care Act in its entirety. Should you be of a mind to say that it doesn’t matter because the subsidy payments end up resulting in the payment for medical services or procedures, via the health insurance the money helps purchase, you had better be prepared to argue that the IRS is subject to HIPPA (it is not) because you might just use your tax refund or that tax deduction you are getting for medical expenses to pay for a doctor. You will also have to argue that your employer is covered because some of your paycheck might go to paying the doctor. With that in mind, can anyone believe that these entities were ‘covered entities’ as contemplated by the HIPAA law? They are not just as Heatlhcare.gov is not.
This part of HIPAA would provide Rep. Barton and friends with their best shot at finding a rational for imposing HIPAA rules on the exchanges. However, the argument ends up failing completely because the exchanges—including the websites that power the exchanges—are simply not clearing houses within the meaning of the law. Health care clearing houses exist to “smooth the chain” by taking data that is collected on a patient and putting it into an electronic format that is useable by a recipient on the other end. Typically, this involves gathering and sending along medical information on a patient who has waived HIPAA protections when applying for an insurance policy. The applicant grants both the provider of the information and the insurer permission to share this private information, allowing the clearing houses hired by the insurance companies to find medical information on the applicant wherever it is out there to be found (beyond the application) and report it to the prospective insurer In no way, shape or form does Healthcare.gov perform this type of procedure and is simply not a “clearing house” pursuant to the HIPAA law. Clearly, anyone choosing to suggest—let alone state with supreme confidence as was the case during yesterday’s hearing—that HIPAA would apply to Healthcare.gov, lacks even the most rudimentary understanding of the law. Call me crazy but it does not strike me as too much to ask that a Member of Congress participating in yesterday’s hearing might be familiar with the law in question when using it as the very basis of an attack.
| ||||
|
Total comments: 0 | |