.jpg)
(AP Photo/Orlin Wagner)
Millions of patients scrawl their signature on that form whenever it’s slid across the counter at the doctor’s office, dentist’s office or hospital. It can even be as easy as “clicking” a signature at a sign-in kiosk before a procedure like a mammogram.
But Americans should think twice about absently signing the HIPAA form that’s pushed on patients everywhere.
Contrary to popular belief, the Health Insurance Portability and Accountability Act of 1996 and its “Privacy Rule” isn’t a privacy protection at all.
CCHF’s new report, “The HIPAA Privacy Deception,” found online at www.cchfreedom.org/files/files/HIPAA Stories Book.pdf, details personal stories from real people who legally refused to sign the so-called HIPAA privacy form—and what happened when they did.
Americans need to know the truth about the so-called “HIPAA Privacy Rule.” Americans should know that HIPAA does not protect patient privacy. In addition, Americans can legally refuse to sign the HIPAA form and still get medical treatment, thus exposing and refusing to further propagate the HIPAA privacy deception.
Far from protecting patient privacy, HIPAA’s Privacy Rule, together with the 2009 HITECH Act, makes patient medical records accessible to more than 2.2 million entities. Furthermore, the blanket HIPAA form is simply a vehicle to make patients think their data will be held in confidence. If individuals actually read the federally required Notice of Privacy Practices, they will see they have no privacy under HIPAA.
The U.S. Department of Health and Human Services on its website says patients do not have to sign the form, and CCHF is urging individuals to exercise that right through its new report, which shares stories of patients who were hurt by HIPAA.
For example, Shari from Minnesota reported the following:
“I had an incident where I was in a new clinic for me. I was feeling very ill, and my husband was along with me. I was told I couldn’t be seen until signing the HIPAA form. I said I wasn’t going to sign and they said they wouldn’t treat me. I was then put on the phone while hacking my lungs out to talk to the lawyer or business manager. After going round and round about them only having to make a good faith effort, and her telling me she was very uncomfortable with me not signing and that this was just the law, I held my ground and they did treat me. She did mention that I wouldn’t be able to do this in the future. They did make me sign a consent form to be treated. Should people coming into a clinic really be told they are wrong and need to sign? I can see why people just cave in.”
Another couple from New York actually left one clinic and drove to another 10 miles away because staff would not treat a bleeding finger without the injured man signing the HIPAA form. Debra wrote:
“My husband came home from work early one morning. He had a right index finger laceration and was bleeding heavily. We got it bandaged and wrapped and drove to the nearest emergency clinic where we waited about 10-15 minutes to be called for registration. When we were called up, we were given the usual paperwork. It was then that I told the receptionist that we do not sign HIPAA forms. She said it was required and that they would not be able to treat if not signed. I explained that was not the case and suggested she go on the HIPAA site and look for herself that it was not required. (I explained why.) I told her that they should have a refusal to sign form for patients if needed. She had no clue as to what I was talking about. She said she would ask the Doctor if he would treat. She returned and said that the Doctor would not treat without us signing the HIPAA form. All the while my husband was in serious pain. I explained again why this was in violation of the HIPAA law and that signing or not signing had no bearing on treatment. She asked why we would not sign and I explained the reason yet again. She insisted that they are very strict with medical records and privacy and that they were not ‘federal.’ Obviously, she had no clue. She then called the main office and spoke to ‘someone.’ I was then told that the ‘someone’ was going to contact their legal department and we were instructed to sit in the waiting room.
“We waited for at least another 20 minutes before she came to us and said that we would not be seen. The Dr. could look at it if we wanted but would not treat it – they would then send us on to a hospital emergency room. We were told we must sign the HIPAA form. By this time I was outraged, my husband was in pain and the blood was now going through the bandages. She said we must sign the HIPAA and treatment/ financial agreement. I told her I had no problem signing the treatment/financial agreement but NOT HIPAA. She said she was sorry, but they could not see us. I demanded all the paperwork she wanted signed. I told her she needed to educate herself (since she wouldn’t listen to me). We left and went to another clinic about 10 miles away. We signed in and were called back for triage. They took him back right away even before registration and treated him immediately while I registered. This time the HIPAA form had a ‘refusal to sign’ box that I checked. NO PROBLEMS.”
Sometimes, the HIPAA form at a doctor’s office may be part of a bundled consent form, which CCHF calls “coerced consent” because it is a single piece of paper with consent for treatment, billing, research, HIPAA and more—all bundled together on one form with only one signature line. Sometimes there are boxes to initial or check for the separate items, but the question related to each box may be confusing and may lead patients to indicate consent when they intended to refuse consent. Sometimes there are no boxes.
Regardless, most patients dutifully sign the HIPAA form. If patients refuse, management may be called in or patients are told no treatment can be given or they’re told they must pay cash although insured. But signing the form leaves most patients with a false sense of personal and medical privacy.
Citizens should become further educated about HIPAA by:
- Knowing that signing the HIPAA form does not provide patients with any privacy or consent rights, but the signature could be used against patients if they ever declare that their privacy rights have been violated. Clinics and hospitals could use the signature to argue that patients knew their confidential information could be shared.
- Refusing to sign HIPAA acknowledgment forms.
- Asking state lawmakers to pass legislation that protects patients from HIPAA and protects private medical records from being accessed by the government and others without voluntary informed written consent.
- Learning more at CCHF’s HIPAA Grand Deception and at HHS’ HIPAA notice.
Twila Brase is president and co-founder of Citizens’ Council for Health Freedom (CCHF, www.cchfreedom.org), a Minnesota-based national organization dedicated to preserving patient-centered health care and protecting patient and privacy rights. Celebrating its 20th year, CCHF exists to protect health care choices and patient privacy. Brase, a registered nurse, has been called one of the “100 Most Powerful People in Health Care” and one of “Minnesota’s 100 Most Influential Health Care Leaders.”