July 14, 2004

Distinguished members of the Committee: I am pleased to testify today on behalf of the Radio-Television News Directors Association regarding how implementation of the HIPAA Privacy Rule affects the operations of radio and television newsrooms. RTNDA is the world’s largest professional organization devoted exclusively to electronic journalism. RTNDA represents local and network radio, television and online journalists in more than 30 countries around the world.

To give you a little background…I have worked as a journalist in Washington for more than 30 years and have held management positions in print, radio and television. I was managing editor of the Washington Star in the 70s before going over to the broadcast side in 1979 as vice president for news at National Public Radio. Later, I was executive producer of Meet the Press at NBC, and then vice president and Washington bureau chief at CBS. I became president of RTNDA in 1997.

HIPAA, as it is written and interpreted, is making it harder for electronic journalists to gather information and report on issues and events of local and national interest. Before HIPAA’s Privacy Rule took effect, RTNDA and other journalism organizations, in written comments and in face-to-face discussions, urged HHS officials to revise the proposed rules to accommodate newsgathering. Specifically, we asked that the rules be substantially revised to reflect the public’s interest in receiving information concerning health and safety and to preserve journalists’ longstanding access to such information. Particularly in times of emergency, disaster and other events of high public interest, we argued, a certain amount of identifiable health information reaches the public through the press. In addition, we attempted to point out that the HIPAA Privacy Rule would have the unintended consequence of placing a blanket of secrecy over all health care information, whether or not in the hands of a “covered entity.”

The public’s interest in health-care information should not be underestimated. There is a public interest in knowing whether victims of crime or disasters are being treated in the hospital and what their general status is. There is a public interest in knowing the health of our public officials and its relationship to how those officials carry out their duties to the public. There is a public interest in uncovering corruption or mismanagement at the facilities where individuals receive medical care for themselves and their families. There is a public interest in learning about a wide range of health-care issues that affect the community and being able to make informed decisions regarding those issues.

Indeed, our reporting about tragedies and medical cover-ups benefited greatly from public access to hospital directory information and other medical records and reports. Immediately following the terrorists attacks on September 11, 2001, journalists used hospital lists and other records to chronicle the devastation, including compelling vignettes of the victims. Directory information also enabled the public and journalists to keep track of victims felled during the Oklahoma City bombing, the school shootings at Columbine and in Jonesboro, and the anthrax attacks. The information helped the public to fully understand the effect and the extent of such tragedies.

Unfortunately, however, the HIPAA Privacy rule was published without accommodation or even acknowledgment of journalists’ concerns about how the rule would cripple their ability to tell stories. HIPAA not only impairs journalists during stories of national interest, like the ones I have mentioned, but during stories vital to their local communities. Since it became effective in April 2003, the HIPAA Privacy Rule has stood in the way of stories regarding matters of public importance that used to be reported every day by electronic journalists across the country.

No one wants to run afoul of HIPAA. People are afraid that giving out information will expose them to litigation, penalties or fines. Because of HIPAA, many traditional news sources can or will no longer discuss patients with the press. Hospitals, emergency medical services and some fire departments that operate ambulances are among the affected sources. And, because of the confusion surrounding the Privacy Rule, sometimes police, firefighters, sheriff’s departments and even football coaches believe they can no longer talk about a sick or injured person in public. Journalists are having a hard time finding out names of disaster and accident victims. Investigative reporting on malpractice or patient abuse is difficult or hazardous.

Before HIPAA, electronic journalists regularly made calls to hospitals for the name, condition, and admission and discharge time of a patient. Indeed, something as routine as a hospital directory was an invaluable and often-used source of information for journalists. Reporters regularly relied on incident information from police, fire departments, 911, ambulance and other emergency services for information where any sort of medical condition was involved. From traffic accidents to occupational injuries, from illness due to food consumption to dangerous epidemics, this information let journalists know whether or not certain events were serious or newsworthy, and let them keep the public informed.

Since HIPAA became effective, however, it has become difficult… if not impossible… for journalists and other interested members of the public to obtain health information on matters of public interest that used to be routinely available. The lack of recognition of the journalist’s role in covering medical issues, coupled with the rule’s enforcement guidelines, meant the end of valuable sources of information. It’s a critical part of news reporting to follow up and know how someone is doing.

Significantly, HIPAA has handcuffed reporters in their ability to perform due diligence on sources. The information the media gets from those not specifically covered by the act may be exaggerated or distorted. Before HIPAA, when a reporter got a story tip from a victim, a patient or a bystander, it was routine for the reporter to check with a hospital to confirm the veracity of that story. Now, reporters are denied information from the most reliable source. As a result, HIPAA has cheated listeners and viewers by depriving them of the details that enable them to judge the veracity and relevance of a story and, in some cases, fuels rumors and misreporting.

As others will testify today, HIPAA has had a debilitating effect on all journalists. Since I have been asked to testify on behalf of the broadcast media, however, I must point out that the repercussions for electronic journalists have been particularly acute. Numerous studies have concluded that more Americans get their news from local television than from any other source. A study we conducted in 2003 found that local television is the American public’s major source of news (49.9 percent), followed by network news (23.2 percent) and local newspapers (13 percent). The study also showed that television rated highest as the most trusted medium. An FCC-commissioned Nielsen survey in 2002 found that almost 60 percent of Americans rely primarily on radio and television for local news and information on current affairs.

Nowhere is public reliance on radio and television for news and information greater than during breaking news scenarios. Immediacy is the hallmark of electronic journalism. HIPAA not only impairs reporters’ ability to get details about a patient’s condition, for example, it handcuffs their ability to get information quickly. Because of the nature of our deadlines, we cannot wait for a covered entity to maneuver through the procedures to obtain authorizations. And we cannot wait to obtain information from an alternate source such as a police report, which may not be filed until several days after an incident. Moreover, we rely on the use of video or other imagery to tell our stories. In numerous instances, even with patient consent, electronic journalists have been prohibited from taping because of fears that something contained in the video will inadvertently violate HIPAA. The Privacy Rule has changed what people see on television and what they hear on radio newscasts. So HIPAA has proved unworkable, particularly from the perspective of electronic journalists.

HIPAA Has Had Both Intended and Unintended Consequences

There can be no doubt that HIPAA has chilled speech on public health and safety matters, whether or not such matters are clearly covered by the rules. Let me briefly speak about the two types of HIPAA problems RTNDA members are encountering on an almost daily basis: first, situations in which information is withheld by parties who erroneously believe that HIPAA precludes them from disclosing health information, and second, instances in which reporters are unable to obtain important information from the most reliable source because of HIPAA’s proscriptions.

I think it is fair to say that, whether through word of mouth or misinterpretation, there is a widespread belief that the HIPAA guidelines prohibit the release by anyone of any information about an individual’s medical condition or treatment if it is coupled with any information that can reasonable identify the individual. As a result, many non-covered entities, from police and firemen to athletic directors, and even victims’ relatives believe that they must protect information obtained from health-care workers or even health-related information about a patient or victim they have obtained first-hand. I also would suggest, more skeptically, that law enforcement and other government officials may be using the law’s privacy rule as an excuse to avoid disclosing information they simply do wish to keep from the public eye.

Rather than risk massive civil penalties and felony prosecution, in numerous jurisdictions, municipal attorneys who lack the resources to examine and interpret HIPAA have simply instructed law enforcement, coroners and other government employees to remain closed-lipped when it comes to health care-related information. Officials have issued mandates requiring police officers to withhold certain information about murders and traffic fatalities. One news outlet was cautioned about the use of a photo of a student who collapsed on a school athletic field, taken at the field with the school’s permission.

There have been instances in which city police, who are not affected by these rules, have even begun using medical privacy reasons to redact criminal records. A Department of Corrections used HIPAA to withhold information about inmates who died in state prisons. One of our news directors had his news team removed from a hospital room, where the patient and his family had expressly agreed to a taped interview about the patient’s treatment and recovery. Other reporters have had routine requests for 911 recordings to report on ambulance response times denied. Officials said that the tapes, which are specified in state law as public records, were off limits because of HIPAA. In numerous instances, reporters have been cautioned that if they disseminate information they have lawfully obtained that is health-care related, the reporters themselves may be subject to significant fines or imprisonment.

In an effort to combat the significant obstacles reporters continue to face because of misunderstanding, misinterpretation or other wrongful invocation of the HIPAA Privacy Rule, RTNDA and other journalism organizations have undertaken grass roots efforts to educate journalists about the specific requirements of the rule, and to provide journalists with information that will assist them in situations where access to information is improperly denied. RTNDA has prepared, distributed and posted on its web site a Power Point presentation describing the background and fundamentals of the HIPAA Privacy Rule, as well as answers to reporters’ most frequently asked questions about HIPAA, a copy of which I have attached to my testimony.

I would submit that HHS also can, and should, play a role in educating the public about HIPAA so as to reduce its unintended consequences. HHS maintains a useful website with HIPAA-related information. Recently we wrote to Richard Campanelli, Director of the Health Department’s Office of Civil Rights, and urged a posting to the web site that clarifies: (1) that that HIPAA does not pre-empt state public records laws governing information held by non-covered entities and (2) that law enforcement agencies are not covered entities unless they provide patient services for which electronic billings are submitted. Without a clear statement from HHS, organizations around the nation attempting to obtain information that remains covered by state open records laws, or that is wrongly withheld by a police department or other non-covered entity, will be forced into costly litigation to clarify that HIPAA does not apply.

Journalists have not only faced problems because of misinterpretation of the HIPAA Privacy Rule, but also because of application of the rule as it is written and intended. The rule itself removes from public view a significant amount of truthful information that is vital for the public to have in order to make intelligent decisions. By prohibiting the dissemination and publication of any individually identifiable health information— regardless of the public interest in that information—the HIPAA Privacy Rule effectively has censored both daily news reports on basic hospital information about patients who are victims of violent crime, accidents or natural disasters, and investigative reporting concerning health care fraud, patient abuse or environmental hazards. For example, a story about an emergency room that refuses to care for poor patients would be virtually impossible to research under current HIPAA constraints.

When an Amtrak train derailed in Florida, officials took several days to release even vague information such as the number of dead and the extent of the injuries suffered by train passengers. After sharks began attacking swimmers in Virginia Beach, reporters were stifled in their efforts about the attacks and the status of shark victims. When 57 partygoers were injured and 13 people died in a porch collapse, Chicago listeners and viewers learned almost nothing about them. When there were reports of SARS cases in the United States (at one point, 51 suspected cases in 21 states), U.S. and state health officials held back their identities, conditions and locations, and refused to disclose how the cases might connect. Certainly, the public interest in knowing more details about possible exposure to a highly contagious, deadly respiratory illness with symptoms that mimic lesser diseases was keen.

Recently, a 16-year-old high school student in Fairfax County, Virginia, died from viral meningitis. Doctors do not have to report viral meningitis to public health officials (only the more serious and often fatal bacterial meningitis). Still, reports of other cases surfaced, some involving elementary school teachers. While Fairfax County Health Department officials stated that the outbreak was not unusual and attempted to alleviate concerns, the simple fact remained that one child had died, and parents in Fairfax County were denied the information they needed to determine whether their own children might have been exposed. Remarkably, the Chantilly High School principal admitted that until the day her student died, “We had no notification. We really had no idea what she was ill from.” Even when one elementary school teacher in Reston confirmed that she had contracted the disease, health officials in Virginia and Maryland said they could not confirm her case, citing patient confidentiality laws.

Because of HIPAA, the public record is shrinking to include only sterile statistical reports and dry recitations of events stripped of the human element. A report that a 2-year-old girl was shot dead in her bed by a stray bullet emanating from gang violence may be reduced to a report saying that a victim was taken to the hospital with a critical wound, if that. Under HIPAA, instead of getting detailed information about the condition of a hospital patient, journalists can get only a one-word condition. And that information will be provided only if the patient has consented to having his information released to the public and only if the journalist has the patient’s full name. Authorizations should not be required to release basic public interest information.

Finally, the HIPAA Privacy Rule penalizes whistleblowers. Although the new regulations offer some provisions for whistleblowers who take their concerns to government officials, there are no provisions that allow for them to tell their stories to journalists instead. Whistleblowers who receive no response after informing regulators of misconduct in the health-care system will avoid airing their concerns to journalists who could inform the public of that misconduct because of fear they will be subject to HIPAA’s civil and criminal sanctions. It is unacceptable to muzzle a citizen who believes a covered entity is unlawful or otherwise violates professional or clinical standards, or that the care, services or conditions provided by the entity potentially endanger patients, workers or the public.

Proposed Revisions

Given that we have now seen that much of what journalists feared would happen under HIPAA has indeed happened, I would like to take this opportunity to again ask that the HIPAA Privacy Rule be revised to accommodate newsgathering. Specifically:

1. The rule should be revised to allow a covered entity to disclose basic information about an individual’s medical information to the press and the public so as not to interfere inappropriately with news reports on matters of public interest. More specifically, a covered entity should be permitted to disclose an individual’s name, sex, age and basic information about his medical status or diagnosis, including, but not limited to, the individual’s condition, diagnosis, extent and location of injuries and whether the individual was conscious when admitted, in situations where the covered entity determines that there is a bona fide public interest in releasing the information.

2. The definition of a covered entity should clearly exclude public agencies, including fire, police and law enforcement departments and providers of 911 emergency services.

3. The definition of health care should clearly exclude emergency services provided by emergency and law enforcement agencies, even when the care would otherwise be considered “health care” under the rule.

4. State law should not be preempted, where that law expressly provides for disclosure to the public.

5. The regulations should be revised so as not to limit protections for whistleblowers. Instead, they should ensure protection for whistleblowers to report concerns to journalists.

6. The regulations should state that they do not apply to health information of individuals who have died.

7. The rules should not afford the ability to restrict public access to directory information.

8. The regulations should not apply to entities, including public health authorities and law enforcement agencies, that receive disclosures of health information from covered entities.

9. The regulations should clearly state that the civil and criminal penalties do not apply to the news media, even where information disseminated by news media is received from a third party who may have violated HIPAA.


While it is true that there is a compelling argument for maintaining the confidentiality of certain patient information, there is a corresponding need to preserve the traditional free flow of information. This is critical in order for the public to hold government and health-care providers accountable and for the public to be informed, among other things, about emergencies, accidents, epidemics, crime, disasters and fatalities. Because of HIPAA, thousands of stories have been lost. It is important for journalists to be able to tell these stories without encumbrance, whether to expose a wrongdoing, to inform a community of a life-threatening disease or disaster, or to hold the medical system accountable. RTNDA submits that some use of individual information is necessary and justified, and that the Privacy Rule should be revised to allow hospitals, health-care providers and whistleblowers to release certain essential information—information that used to be routinely available—to secure health and safety and to enable the public to oversee the conduct of its government and the performance of its health-care system. In addition, RTNDA urges the Department to clarify what the rule does and does not cover and to make and that information readily accessible, so as to alleviate its widespread unintended consequences.

Thank you for the opportunity to testify on behalf of RTNDA and all electronic journalists before your committee today.

RTNDA’S GUIDE TO HEALTH COVERAGE UNDER HIPAA: http://www.rtnda.org/foi/hipaafaq.shtml