Patient privacy has always been an important concept in the medical profession. New laws are taking this notion a step further, making it mandatory for medical facilities to protect individually identifiable health information. Recent implementation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) offers you even more protection for your medical information.
What is HIPAA?
Basically, HIPAA protects people from having their medical histories accessed or made public without their permission. Although the promise to maintain patient privacy is incorporated in the Hippocratic Oath taken by all medical professionals, efforts to safeguard medical records have met some unique challenges. Many hospitals and medical offices now rely on electronic storage of medical information, a system that makes processing claims and handling administrative information more efficient and less costly, but poses security issues if their computer systems are not properly guarded.
Any organization or business not complying with the new standards faces harsh penalties--up to $25,000 or more for multiple infractions and even jail time if the breach is deemed intentional. Organizations that must comply with HIPAA include health care providers, health plans, and health care clearinghouses.
Although HIPAA guards against misuse of individual medical records, it is still acceptable to provide such information to public health authorities for research studies or to protect the public from disease. Neither of these actions requires your consent, but HIPAA ensures that the information provided will not disclose your identity. In addition, caregivers are still required by law to disclose health information when domestic violence or abuse is suspected.
HIPAA Requirements
Specific requirements include:
- Notifying patrons of privacy rights and how their health information is used and/or disclosed.
- Adopting internal policies that support the uniform standards set forth by the government.
- Training employees about the new policies and procedures.
- Training specific individuals to manage privacy-related complaints.
If you have visited a physician, dentist or pharmacy lately, you may have noticed a variety of ways in which these requirements are being implemented. Most medical offices now require patients to sign forms concerning the new law and how their records will be handled. Many facilities now require photo identification upon check-in, and some pharmacies are asking patrons to wait away from the counter, where other patients' records can be seen and conversations could be overheard, to ensure maximum privacy.
Because each organization is different, the manner in which they implement administrative and technical requirements to protect a patient's privacy may be different as well. However, all medical organizations are required to provide legal documentation detailing how they comply with the new regulations and how they provide patients or legal guardians access to applicable health records and an account of any disclosures, if requested.
What HIPAA Provides
The HIPAA privacy rule establishes basic patient rights with respect to protected health information. HIPAA provides the right to:
- Receive a written notice of privacy practices from your health plan and covered provider. The notice must clearly explain how patient information will be used and disclosed.
- Access or request an amendment to your health records.
- Receive an accounting of the instances where your health information was disclosed for purposes other than treatment, payment or health care operations, if your signed authorization was not required in order to make the disclosure.
- Inquire or make complaints to your health care provider or health plan regarding the privacy and confidentiality of your health information.
- Set limits on who gets to see your personal health information.
- Stop unwanted mail about new drugs or medical service.
What HIPAA Does Not Cover
Your medical information may be available to many who are not covered by HIPAA. Here are some examples of who is not covered.
- Life insurance companies.
- Workers' Compensation.
- Agencies that deliver Social Security and welfare benefits.
- Automobile insurance plans that include health benefits.
- Internet self-help sites.
- Those who collect health data you give voluntarily for surveys or research projects.
- Those who conduct screenings at pharmacies, shopping centers, hometown fairs, or other public places for blood pressure, cholesterol, spinal alignment, and so on.
- Researchers who obtain health data directly from health care providers.
- Law enforcement agencies.
Diona L. Reeves
Health Communications Specialist, CYKE, Inc.
Internet Resources
HIPAA Advisory provides the HIPAA Primer to help explain the new law and privacy standards. www.hipaadvisory.com
The U.S. Department of Health and Human Services Office for Civil Rights Privacy Rule Summary, www.hhs.gov/ocr/hipaa
Download the HIPAA Privacy Rule and Public Health: Guidance from the CDC and the US Department of Health and Human Services, www.cdc.gov/privacyrule/Guidance/Content.htm