Where Does Patient Privacy Sit in the Patient Experience?
July 20, 2017
The HCAHPS survey is silent on patient privacy. In fact, so are patient satisfaction surveys. Silent.
This could be because we have handed the responsibility over to HIPAA, the Health Insurance Portability and Accountability Act of 1996, which only protects data privacy and medical records.
However, HIPAA is a very distant concern to patients. Patients are only aware of HIPAA when the hospital denies them access to their own information because identification processes are ambiguous, or makes it difficult to get an answer over the phone for the same reason.
Nonetheless, while the personal boundaries of patients are well defined to the patient, they tend to yield in a medical crisis.
Inside the patient experience sits the core of patient privacy.
This core respects the unique autonomy of each patient, his or her right of self-determination, and the unilateral control over access to his or her person and body. It is where patients begin their journey: removing their clothes, documenting their living habits, and praying that no one else will ever know.
However, this is not the way we talk — or even think — about privacy.
EMRs Change the Nature of Patient Privacy
With the increasing use of electronic medical records, the concept of patient privacy is more impersonal and confusing than ever. Impersonal because the record is not the patient, but seems to take on the rights of the patient.
And, confusing because few understand why they are asked to sign a privacy document which they neither read nor comprehended.
It is no longer uncommon to hear about “a medical data breach” exposing millions of electronic medical records to untoward or unknown parties. The word “data” in healthcare has come to mean not only information, but information that is known, analyzed, and positioned in a powerful, if not threatening, way.
When such incidents happen in the U.S., they are reported to the Office for Civil Rights.
Yes, privacy is a civil right. Patients whose records may have been compromised are notified. Steps are taken to prevent another hack. End of story.
The world does not stop turning, patients continue to sign a privacy statement without reading it first, and ultimately, few of us know the actual fallout of a massive data breach. I am not sure if anyone loses their job.
Nor am I sure that for one patient among thousands or millions, such a breach causes a personal crisis.
Regardless whether it’s “only” one among millions of us who may be affected by a breach of privacy, we all want to at least believe those entrusted with our health are vigilant in protecting the most personal of information.
More importantly, none of us want to be anonymous to our physician or nurse, nor do we want to feel exposed or vulnerable to people we don’t know or don’t want to know. Thus, the paradox of privacy.
So What About the Patient Privacy Experience?
If the purpose of addressing the patient experience is to understand and optimize what happens to the patient from the patient’s perspective, then we must address the unique nature of each patient. We are called to understand and respond to individual needs and circumstances.
Paying attention to each patient means respecting their personhood and, in turn, their privacy.
HIPAA has moved privacy from a private, self-determined concept to a regulation, an intrusion, a barrier, and something beyond the control of the patient.
Today, when patients arrive at a physician’s office in the U.S., they are handed a printed document that defines the privacy policies of the doctor. They are asked to sign it, although no one is required to.
In efforts to optimize the patient experience, legislators and healthcare leaders have focused on many factors — none of which acknowledge or deal with privacy as the patient experiences it. It is now defined within a web of regulations that few people understand.
For example, HCAHPS surveys ask about the degree of quiet around a patient room at night, but don’t ask about what patients hear that they shouldn’t.
Patients are also asked about being treated with respect but aren’t asked if they trust their caregivers to manage very personal information. Patients aren’t asked about who needs to be informed about premature diagnoses or prognosis.
Patients are asked whether they understand how to handle their condition at home. But they aren’t asked who else should have the same information (and who should not).
Moving Past Regulations
Patient privacy is not absolute. In fact, many family members have been distressed when they are mistakenly shut out of a loved one’s circumstances. However, the choice for patients must be broader than being either an “anyone” or a “someone.”
The policies and practices around patient privacy today are more about regulation than actual practice. How can we move past the regulation and focus on the patient?
By acknowledging the unique autonomy of each patient and customizing decisions accordingly.
We are left with the paradox as it stands: Privacy is very important, but we are each forced to yield to the healthcare system as it is. We want to be unique, but the system itself renders us part of a collective generation or diagnostic group.
The challenge for those committed to optimizing the patient experience, while respecting the privacy autonomy of each patient, is best revisited in the face of so many challenges.
For more information, please read my whitepaper for The Beryl Institute, “The Role and Perception of Privacy and its Influence on the Patient Experience.” This paper is based on research I did which looked at the many ways patients make meaning of their privacy during a hospitalization.
Please use the code PXPRIVACY during checkout to download the whitepaper for free.
P.S. If you like this post, please do me a favor and share on LinkedIn, Twitter, Facebook, etc. Also to get automatic notices when a new post is published, please subscribe. No spam – just great content. Thanks!