"In practice, HIPAA has allowed the dissemination of our records of every illness, disorder, and condition for which an insurance claim has been filed," he said. Mr Schofield added that HIPAA has given managed care companies and underwriters, who receive no practical medical training, even more involvement in patients' lives.
Compounding the already complicated privacy standards are information services that can access sensitive medical and treatment records from secondary sources, which are actually disclosed and endorsed in the HIPAA statement providers are required to sign if they are participating in managed care compensation.
"If a company [human resources representative] can afford to subscribe to certain information services, they can find out almost everything that is on your insurance company's health care records," Mr Schofield said. "That's part of the reason why my wife and I both opted out of taking insurance from our patients.
"I don't want some young person to be refused a job five years down the road, because I recommended he seek psychiatric and possible medical treatment for depression or anxiety as a teenager," he said.
Along with supplying the world with a ready made pool of excuses, HIPAA has had the addded unintended consequence under the current, privacy-adverse political atmosphere of actually allowing easier access to some of the sort of things it was supposed to restrict. This will no doubt change with the regulatory climate but for many peoples' PHI the cat is already out of the bag.