Friday, September 08, 2006

"Can you keep a secret? They can."

"They" are some of today's top-secret employees. Whether they're tracking down terrorists, holding back hackers, protecting politicians or withholding this year's Oscar winners, these folks have all perfected the art of keeping information under wraps.

While "top-secret" may bring to mind memories of a jet-setting, James Bond, "shaken, not stirred, variety," not all duties for top-secret jobs parallel the exciting lives of spies and secret agents featured in mainstream media and cinematography. Still, there is something to be said for mystery and a job that in some instances can really mean a matter of life or death.
This was the opening of a recent AOL fluff piece by Candace Corner on “top-secret” careers. The ten she listed included things like FBI agent, nuclear engineer, detective, and psychiatrist.

Oh, come now. What about any kind of therapist, any clergy, and any and all medical personnel? Have you even heard of HIPAA? You must have, because you’ve had to sign the fifty thousand pieces of paper at your doctor’s office just like the rest of us. Actually, I can’t think of many jobs that don’t involve some kind of access to privileged information, but I guess that’s not sexy enough for an AOL fluff piece.

I believe in patient privacy, really. But during my time at the hospital, I’ve gotten as fed up with HIPAA as anybody else in healthcare (and believe me, nearly every healthcare worker has at least one HIPAA rant). HIPAA’s why I won’t make phone calls for patients anymore, because I got so tired of having to say, “Hi, I’m the volunteer chaplain, and _____ asked me to call you to let you know that s/he’s in the ER, but no, I can’t tell you a blessed thing about why s/he’s in the ER, because of the privacy laws.” (I’ll help patients make their own phone calls, but won’t make calls for them.)

We’re only supposed to give information to immediate family. Yes, well, and even if the person by the bed says, “I’m this patient’s child,” how do we prove it? Ask for a birth certificate or a DNA test? What about the cases where the patient’s kids don’t care and aren’t at the bedside, and the person at the bedside is the devoted nursing-home caregiver who’s sobbing and hugging the elderly Alzheimer’s patient who will only respond to this person, and therefore firmly believes that this person is family? I’ve learned never to make assumptions about the relationships of people who come with patients to the hospital. Many are children, parents, or spouses, but I’ve also seen neighbors, friends, a surprising number of ex-spouses, and, yes, home healthcare aides and nursing-home employees. At what point do we define family as “the people who care enough to show up”? At what point do we define family as “the people the patient loves, regardless of law or genetics”?

Here’s an ethical dilemma for you: Sobbing, devoted caregiver of elderly Alzheimer’s patient has asked Volunteer Chaplain to try to ascertain diagnosis. Volunteer Chaplain approaches Nurse and says, “Patient X’s friend would like to know if those tests have come back.” Nurse narrows eyes and says, “You mean Patient X’s child, don’t you?”

Does the volunteer chaplain:

A. Say, “Oh no, they aren’t related,” and therefore put everybody involved into a HIPAA straightjacket;

B. Lie and say, “Oh, you’re right, of course I meant Patient X’s child,” or

C. Gulp, swallow, turn green, and refuse to say anything.

Yes, this happened. I’m not going to tell you what I did, although you can probably guess. What would you have done?

Meanwhile, meet Patient A, who’s been brought in very confused and possibly intoxicated and is frantic to reach her husband. She’s tried calling him. He’s not home. He should be home. Worrying about him isn’t helping her mental state. Volunteer Chaplain, concerned, asks Nurse if anyone else has been able to reach the husband; maybe he’s on his way to the hospital? Nurse says, “Oh, that would be Patient B, who’s actually in this same department right now. He's on the other side of the wall from Patient A, but we can’t tell her he’s here, because they aren’t actually married. He’s just her boyfriend.”

No, I’m not making this up. However, Nurse has said this suspiciously loudly within earshot of Patient A, who for some reason becomes much more relaxed. When Volunteer Chaplain next approaches the bedside, Patient A smiles, winks, and says, “Please go tell him I love him.”

True or false: I’m violating HIPAA guidelines by even telling you these anecdotes.

Well, I sure hope not. I’m trying really hard not to. The HIPAA guidelines, helpfully explained here at Protect the Airway, require that all patient information be “de-identified.” In other words, I’m not allowed to say anything that could be traced back to a specific patient or staff member. This means obscuring all time references, changing genders if possible, changing medical information. All those patient stories on medical blogs? They’re composites, fictions based on truth but disguised for legal reasons.

As a volunteer chaplain, I’m bound by HIPAA. But as a volunteer chaplain, I also -- to quote the famous Hebrew National ad -- answer to a Higher Authority. Please note that I'm not clergy; at least two readers have assumed that I am, so I feel the need to be very clear about that, and you’ll notice that I’ve now included it in the "About Me" sidebar. But it doesn’t matter if I’m clergy or only my humble lay-volunteer self: patient stories are sacred, and patients trust chaplains to keep those stories confidential.

In point of fact, I’ve been known to share some patient information with nurses and doctors when I think it’s medically relevant, but most of what I hear isn’t. (They share information with me when they think it’s relevant, too.) And so far I haven’t, thank God, been privy to any of the kinds of hospital stories that would make me a mandated reporter.

But all of this means that the most moving and life-changing stories I’ve heard, the ones that show up in my dreams and color my thinking, are the ones I can’t tell. If my hospital anecdotes sound vague, you now know why. If anybody brought this stuff into one of my creative-writing classes, I’d be all over it: “Add more detail! What are these people’s names? What do they look like? When did all this happen?”

I could lie about those details, but that would feel disrespectful to the real stories. For several reasons, I can’t tell the full truth. So I stay vague, which is my way of trying to be honest while maintaining appropriate legal and pastoral boundaries.

Does this mean I can keep a secret?


  1. 'Secrecy' = 'confidentiality' in my line of business. We, as a financial company, keep sensitive information which common courtesy, if nothing else, says you don't divulge to anyone but the customer without their express authority. Behind that, you have our Data Protection Act - which can get fun, but I won't go into it here. You'd think we have it because of concern about said information getting into the 'wrong' hands. Which, up to a point, is true, but only up to a point. The British Government stonewalled such demands for years - together with public access to information that happier countries (ie, the USA) take for granted. Then, a pair of enterprising journalists from the Daily Express phoned up a branch of Barclays Bank pretending to be Nigel Lawson, the then Chancellor of the Exchequer (who was out of favour with the blessed mad cow just then - sorry, Mrs Thatcher, the Prime Minister - and obtained information about his finances that they later splashed all over their grubby little rag of a newspaper. Very shortly afterwards, the Data Protection Act was passed and now EVERYONE in the finance industry has to pass a compulsory exam every two years about it.

    One of the institutions with whose records the DPA played merry hob - with its requirements for stored information to be truthful and timely - was the police. I sometimes have cause to call the police to check information a customer has given me about a theft. Some forces will gush, others will say 'get lost until you pay the $100', and others are in between. 46 forces, 46 different interpretations of the Act that applies to all of them. The kicker is that the information I ask about isn't covered by the Act!

    The reason for the paranoia is the revelation that police records are in chaos in the Soham murder trial (a nasty double child murder by a man with records about child abuse in one police authority that weren't disclosed to another authority when he applied for a job as a school caretaker) You can understand, but doing the job right might be a better response.

    With a nurse for a wife, I am acquainted with the pressures upon you. Having been on the receiving end of some unfortunate disclosure, I hope I understand the pressures on everyone. Sometimes, though, the words 'baby' and 'bath water' come to mind.

  2. Susan:

    First of all, you haven't violated HIPAA. As you're clearly aware, in not identifying the patients you're not sharing their Protected Health Information.

    If you're interested, let me suggest you check out the resources for chaplains on HIPAA at the web site of the Association of Professional Chaplains ( There are several articles on the subject.

    More to the point of your examples, remember that you're only required to get verbal consent from the patient to share information with whomever the patient wishes. If in your second example you were to say to the nurse, "The patient wants me to find and speak to her loved one," you are within HIPAA regs to do so, and the nurse (if she's smart) will acknowledge and document it.

    Over the last few years, as a Board Certified Chaplain I've been doing a good bit of education for community clergy on HIPAA. That's absolutely a different perspective that yours as a chaplain (volunteer or not; and you may want to look at a series of posts I'm doing on using volunteers in chaplaincy), but it did get me into reading extensively in the Federal Record, and talking to the colleagues who produces the articles I pointed to at the APC site. The possible consequences of violating HIPAA are real; but it doesn't have to be that hard, if we remember to ask patients who we can speak to, and what about. Unfortunately, some attorneys have sufficiently frightened some privacy officers, and so on down through the staff.

  3. Hi, Martyn! Always nice to see you here: and yes, I think this kind of thing affects all professions, one way or the other.

    And Marshall, I'm so glad you found me! Thanks so much for sending me to those articles: I'll definitely be visiting your blog often and doing a lot of reading!

    Re the second example: so that "we can only release info to/about next of legal kin" rule isn't really true? Fascinating! Yes, I definitely have to do more reading on this. Thank you!


Note: Only a member of this blog may post a comment.