Today, you have more reason than ever to care about the privacy of your medical information. This information was once stored in locked file cabinets and on dusty shelves in the medical records department.
Your doctor(s) used to be the sole keeper of your physical and mental health information. With today’s usage of electronic medical records software, information discussed in confidence with your doctor(s) will be recorded into electronic data files. The obvious concern is the potential for your records to be seen by hundreds of strangers who work in health care, the insurance industry, and a host of businesses associated with medical organizations.
Fortunately, this catastrophic scenario will likely be avoided.
Congress addressed growing public concern about privacy and security of personal health data, and in 1996 passed “The Health Insurance Portability and Accountability Act” (HIPAA). HIPAA sets the national standard for electronic transfers of health data. Before HIPAA, each state set its own standards. Now states must abide by the minimum standards set by HIPAA. States can enact laws to incorporate and/or strengthen the basic rights given by HIPAA.
How HIPAA’s Privacy Rule Protects YOU, The Patient
Access to your own medical records
Prior to HIPAA, access to YOUR medical records was not guaranteed by federal law. Only about half the states had laws giving patients the right to see and copy their own medical records. You may be charged for copies, but HIPAA sets fee limits.
You Must Be Given Notice Of Privacy Practices
You must now be given notice of how your medical information is used and disclosed. The notice must also tell you how to exercise your rights and how to file a complaint with your health care provider and with the DHHS Office of Civil Rights.
HIPAA Requires Accounting of Disclosure Details
You have the right to know who has accessed your health records for the prior six years. However, there are several exceptions to the accounting requirement. Accounting is not required when records are disclosed to persons who see your records for treatment, payment, and health care operations. These individuals do not need to be listed in the disclosure log.
Filing A Complaint
If you believe a health care provider or health plan has violated your privacy, you have the right to file a complaint with your health care provider and with DHHS.
Special Requests For Confidential Communications.
You can make special requests specifying how you would like your doctor’s office to handle confidential communication. For example, you can ask for calls to be made to your home rather than your office. Your health care provider should agree to any of your reasonable requests.
Establishment Of Formal Safeguards.
Healthcare businesses must comply with certain administrative requirements, including staff training and appointment of a privacy officer.
You can also choose to have your medical information discussed with designated immediate family members, close friends, or relatives.
If the HIPAA Privacy Rule is violated, the government can file a lawsuit for violations. Civil and criminal penalties certainly provide an incentive for compliance.
The HIPAA Privacy Rule Is Less Than Perfect.
Consumer and patient advocates are critical of HIPAA for its numerous weaknesses.
Your consent to the use of your medical information is not required if it is used or disclosed for treatment, payment, or health care operations.
Your private health information may be disclosed to pharmaceutical companies or businesses looking to recall, repair or replace a product or medication.
You have no right to sue under HIPAA for violations of your privacy. You may be able to sue under state law using the HIPAA Privacy Rule to establish the appropriate standard of care.
Business associates can receive protected health information without a patient’s knowledge or consent. Business associates may include billing services, lawyers, accountants, data processors, software vendors, and more.
Law enforcement can access protected health information without a warrant or court order.
The HIPAA Privacy Rule only applies to health care providers, health plans, and health care clearinghouses.
Health care providers who transmit health information electronically.
A health plan is defined as anyone that pays for the cost of medical care.
Included in this group are health insurance companies, health maintenance organizations, group health plans sponsored by your employer, and Medicare/Medicaid.
Health care clearinghouses