Confusing Health Laws Slowed Info On Orlando Shooting Victims
If the Orlando shooting taught us one thing about our healthcare system, it's that nobody seems to understand how it works
After the massacre in Orlando left 49 dead and many injured, survivors scrambled to track down their loved ones. Thankfully, Orlando’s quick-thinking mayor Buddy Dyer called up the White House to request an emergency waiver of HIPAA—the Health Insurance Portability and Accountability Act, which protects patient privacy—so physicians could reach out to the victims’ families.
Except nobody needed a waiver. And that’s not even how HIPAA works.
“These disclosures…are permissible without a waiver to help identify incapacitated patients, or to locate family members of patients to share information about their condition,” Marissa Padilla of the U.S. Department of Health and Human Services told CNN. “Disclosures are permissible to same sex, as well as opposite sex, partners.”
LGBT Americans face many struggles—being targeted by violent extremists, for instance—but HIPAA is not one of them. HIPAA restricts who can see your medical history, but allows physicians to provide information to your legal spouse, relative or even “close personal friends.” Setting aside the fact that the Supreme Court ruled in favor of marriage equality nearly one year ago, a same-sex partner could always obtain his or her loved ones’ medical information under the “close personal friend” clause, married or not. In other words, HIPAA never barred gay couples from accessing each others’ medical information.
The tricky part is explaining that to hospital workers—especially those who are homophobic, terrified of HIPAA, or a little bit of both. In 2008, for instance, one Miami woman was told that she could not visit her partner in the hospital, or even receive updates about her condition, because Florida prohibited same-sex marriage. This was ridiculous from a legal point of view (and it resulted in a major lawsuit) but the story illustrates a recurring problem in U.S. health law. Healthcare providers, it seems, don’t understand HIPAA.
Neither do CEOs. After the Orlando shooting, when some families waited an agonizing 24 hours before hearing anything about their loved ones, Mayor Dyer told reporters that “a hospital CEO said HIPAA prevented the hospital from identifying the Pulse nightclub victims who were at the hospital.”
So Mayor Dyer called the White House and requested a HIPAA waiver, which opens an entirely different can of worms. First of all, the White House cannot unilaterally grant a HIPAA waiver (both the President and the Secretary of Health and Human Services would need to be involved). Second of all, a formal waiver request would have likely been rejected in this scenario, because they’re reserved for specific cases in which withholding the information could pose a threat to public health. And finally—nobody needed the waiver to begin with!
In the aftermath of the Orlando attack, hospitals and officials spent far too many hours wallowing in ignorance of health law. That needs to change—for the benefit of the future victims of terror, as well as more casual emergency room visitors. “Clarity over HIPAA rules is necessary to address both mass shootings as well as cases where family members simply seek to learn about their loved ones after far more routine injuries and accidents,” write Arthur Caplan and Craig J. Konnoth, medical ethics professors at New York University.
As for the law itself, Ann Bittinger, a Florida healthcare attorney who specializes in HIPAA, put it best. “Hospitals don’t need to ask the president if they can release incapacitated disaster victims’ identities to family members, relatives, or friends,” she told Business Wire. “The federal government is not going to fine an emergency room doctor or hospital for a HIPAA violation when a distraught person who is clearly the parent or partner of the patient goes to the ER asking for information.”