Approximately 25 years ago, a group of concerned citizens, led by the celebrity couple Jane Fonda and Tom Hayden, lobbied for a strict rent control law in the ocean-side California city of Santa Monica. Real estate prices had recently escalated dramatically, and monthly rent prices for the city’s apartments had begun to increase as well. The newspapers were filled with touching stories about elderly couples and single mothers being forced out of the apartments that they had lived in for decades because of the greed of rapacious landlords.

With a groundswell of popular support, the strictest rent control in the nation was put into effect to protect renters’ rights. Rent prices could be raised only a small percentage each year (approximately 1% to 3%, as legislated by a special rent control board), even when apartments became vacant and required significant monetary investments for repairs and remodeling. The intended consequence of the new law was to protect current and future residents from greedy landlords and ensure that the city had a diverse population—not just wealthy people who could afford expensive housing. It was a noble cause.

What was Santa Monica like a decade later? The population of the schools had decreased dramatically, and the public schools were struggling to survive. Apartments were filled with 30-something single professionals, a fact reflected in the highest per capita ownership of personal computers in the entire country. Neighborhood grocery and hardware stores had been replaced by coffee bars and expensive boutiques on the main thoroughfare, catering to customers who looked like extras from an episode of the television show Friends. Santa Monica was significantly and irrevocably changed, but not in the way intended by those who had lobbied for rent control.

Within a few years of rent control legislation, the population in Santa Monica changed because landlords had hundreds of applicants applying for each vacancy. With apartments in Santa Monica renting for approximately 50% less per month than in neighboring cities, landlords had their pick of potential tenants. Suddenly, single mothers and people on fixed incomes couldn’t compete with young professionals who came with stellar credit ratings and promises to spend their own money to fix up an apartment.

Santa Monica’s rent control law (which was significantly modified 2 decades later) is a classic example of the law of unintended consequences. A decision is made for all the right reasons, but the effects of that decision not only are unintended but often are counter to the purpose of the original decision. Many examples of the law of unintended consequences exist from teenagers’ curfews to steel tariffs.

The law of unintended consequences may have landed squarely in the healthcare arena in the form of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This law was designed to allow employees who leave a position in one company to keep their health insurance (ie, making it “portable”). Without such protection, individuals could easily be denied new insurance because of a preexisting condition such as heart disease, diabetes, or pregnancy. The law is far-reaching and attempted to change many aspects of healthcare related to patient privacy and insurance portability/renewability. While the architects of HIPAA were well meaning, they underestimated the frequency and intensity of information exchange in healthcare,1 creating unintended consequences for many clinicians, families of critically ill patients, hospitals, and researchers.

At the heart of the standards is “protected health information,” or PHI, which encompasses any identifiable health information transmitted or maintained in any form or medium, and includes oral, written, and electronic communications.2 A new vocabulary has emerged from HIPAA, including such phrases as “covered entities” (for example, healthcare plans or healthcare providers), “business associates,” “privacy officers,” and the “minimum necessary” rule that says only the minimum amount of information necessary to get the job done should be used.

There have been difficulties in the interpretation of the law. Each hospital may (and often does) interpret the law differently, creating conflict when 2 institutions must exchange vital information. Because the penalties are high, organizations tend to overinterpret the regulations, thereby placing additional but unnecessary burdens on clinicians. Horror stories are appearing in the literature, warning of unintended consequences. For example, a recent letter to the editor in the New England Journal of Medicine describes a situation in which a patient underwent cardiac transplantation.3 Postoperatively, routine blood cultures on the patient revealed a bacteremia. The infectious disease specialist at the recipient’s hospital contacted the donor’s hospital to ascertain the identity of the infection so that immediate antibiotic treatment could be initiated for the (now immunosuppressed) patient. The donor’s hospital refused to release the information, citing HIPAA regulations and policies, because the (now deceased) donor had not given authorization for release of PHI.

At the Bedside

Clinicians (both physicians and nurses) must constantly be aware of PHI and where it may be visible to others who are not involved with patient care. This means that flowsheets used for charting can never be left where someone may inadvertently see them. Chart pages, ECG (electrocardiographic) printouts with patients’ names, labels, and other scraps of paper with any PHI must be destroyed, usually by a shredder placed at the main nurses’ station. This regulation means that the nurse must leave the patient’s bedside in order to dispose of the paper—yet more time away from the patient.

Conversations between patient and nurse, the very essence of nursing care, are virtually impossible in nonprivate rooms. Conversations between clinicians must take place in a location where they cannot be overheard. Clerks who are on the frontline of the intensive care unit (ICU) are faced with a barrage of requests for information from patients’ families and friends and must consistently reply that regulations prevent them from divulging any information about a patient, including whether or not the individual is even hospitalized.

In ICUs, where constant vigilance and communication are critical, the HIPAA regulations seem to be a countervailing force in the care of patients. Clinicians are left to ponder the rationale of HIPAA when other regulatory bodies have already been charged with protecting confidentiality. More importantly, clinicians’ ethics have always supported patient dignity and privacy (think of those hospital elevator signs of decades ago reminding clinicians to protect patient privacy in their conversations).

The recent efforts by many to make staff and ICUs more accessible to families have had to take a large step backward. Families are on the receiving end when clerks explain that they are not at liberty to release any information. In some hospitals, one family member is identified as the information source for all calls. That individual is given a password that allows the clerk or nurse to provide the individual with updates. While this is one solution, it also creates a burden on that one family member who serves as the hub of all information and places a special burden on blended or divorced families for whom consensus about who will be the central communicator is hard to achieve. Family members are now often reluctant to leave the bedside for much needed rest for fear that they will not be able to call for updates on the patient’s progress.

If the patient is not in a private room (the norm because of Medicare and health insurance policies that reimburse only for double occupancy) or if the ICU has an open design, the family must leave the patient’s bedside when physicians and nurses are discussing the care of another patient. In short, the new regulations, as they are being enforced, may serve to isolate the family from both the patient and the staff and reverse the important trend to family-centered care.

In Healthcare Facilities

Healthcare facilities and hospitals have also borne a significant burden. The cost of implementing and maintaining the regulations has not been totally realized but could eventually reach into the billions of dollars. Some ICUs have been remodeled to accommodate the new regulations. The offices of ICU managers, previously accessible and visible to the staff (but usually containing patient information), must now be moved to areas where they are not visible or accessible. Not only are managers less accessible, other resources (such as medical journals, policies, and procedure manuals) that often reside in these offices are consequently less accessible.

Many ICUs do not have private rooms near waiting rooms where doctors and nurses can consult and inform family members in confidence. Therefore, family members must be taken some distance from the unit, or waiting rooms have been remodeled to accommodate private conversation.

Many critical care units contain strategically placed boards that list patients’ names and key information that indicate level of acuity and other important data (eg, “on IABP”). These boards act as an important street sign, giving instant information to healthcare personnel who may be urgently needed at the bedside. These boards must now be relegated to nonvisible areas of the ICU, rendering their usefulness virtually worthless. The loss of these boards along with the elimination of patients’ names from outside their rooms brings into question potential issues of patient safety.

The only apparent advantage related to the architectural changes demanded of hospitals by HIPAA is the instant obsolescence of the “doctors’ dining room” in the few hospitals where it still exists. There is certainly no need to provide physicians on staff with a special place to discuss patients when the entire staff is under the same stricture and admitting clerk offices are encased in plexiglass, taking on the appearance of a New York taxi cab.

On Research

Researchers are feeling the effects of HIPAA at every turn, even though no evidence exists that research jeopardizes confidentiality of patient information.1 Healthcare practices have changed significantly during the last century, from care that was largely based on anecdotal knowledge to care that is evidence based. Guidelines, best practices, and critical pathways have evolved based on research to support them. These processes have improved patient care and outcomes.

Although research per se is not covered under the privacy rule, HIPAA erects significant new procedural barriers to the use of PHI in research. PHI is defined much more broadly by HIPAA than by any other regulatory body overseeing research. According to HIPAA, PHI includes patients’ names, addresses, dates of any kind (eg, birth, hospitalization, death), phone number, medical record number—identifiers that are often an integral part of a research study. HIPAA hinders researchers in their ability to recruit patients into studies, maintain accuracy of data collection, and obtain longitudinal data from subjects already enrolled. It also requires that patients sign legal documents that inform them that their medical information may not remain private if they participate in a study, unnecessarily raising patients’ fears about the risk of participating. If research is being conducted in a hospital, the organization must track and record all access to patient records, adding to the paperwork burden.

Increasing restrictions on the use of even the most needed and appropriate information may stifle the research process. HIPAA may lead to investigators who won’t want to do research, patients who won’t want to enroll, and hospitals who won’t want to support research.

It is clear that HIPAA is here to stay. The noise level surrounding its implementation may decrease as time passes, but critical care nurses and physicians need to be proactive in the meantime. Although certain areas of HIPAA are clearly black and white, much remains in a grey area due to ambiguous language and the reevaluation of circumstances resulting from the underestimation of unintended consequences. Nurses and physicians working in critical care are in a unique position to influence the ultimate implementation of HIPAA and can suggest possible solutions when they see situations or problems arise from the new regulations. In most cases, this means working with management and the designated person in the hospital charged with enforcing HIPAA regulations to identify problems immediately. Committees composed of staff members can be important in bringing potential problems and solutions to the forefront. Actively engaging patients and their families to solicit their feedback could also yield benefits.

Unintended consequences are more likely to occur when those involved are not actively assessing the situation and taking action to prevent potential problems—just the things that critical care nurses and physicians do best.

Kulynych J, Korn D. The new HIPAA (Health Insurance Portability and Accountability Act of 1996) Medical Privacy Rule: help or hindrance for clinical research?
. August
Standards for Privacy of Individually Identifiable Health Information. Washington, DC; 2003. Available at: Accessed February 9,
Salem DN, Pauker SG. The adverse effects of HIPAA on patient care.
N Engl J Med
. July


To purchase reprints, contact The InnoVision Group, 101 Columbia, Aliso Viejo, CA 92656. Phone, (800) 809-2273 or (949) 362-2050 (ext 532); fax, (949) 362-2049; e-mail, [email protected].