HIPAA laws protect your privacy up to a point
One hundred years ago last week, according to the archives of Bonner County History Museum, Mrs. A.E. Cherry was in the hospital recovering from surgery, Little Helen Burke was there “very ill with stomach trouble.” Mrs. John Berg was being released after six weeks in hospital during which time her children had recovered from smallpox at their grandmother’s house.
These types of gossipy tidbits went out of newspaper fashion many years ago, partly because there were other, perhaps more pertinent, stories to cover and mostly because of a law that was enacted in 1996. With the nascence of electronic medical records the Health Insurance Portability and Accountability Act (HIPAA) was enacted to define patients’ rights.
“A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being. The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing,” The Department of Health and Human Services website explains.
When you have medical treatment you’re given the opportunity to read through the HIPAA Law and are expected to sign a document stating that your provider has offered you a copy of or an explanation about the law. Understanding the law is fairly easy but reading through it is time consuming.
It’s probably not stretching the truth to say that most of us want to keep our health information private. But, we do want to know if there is an outbreak of mumps or, heaven forbid, smallpox. Unidentified (meaning they don’t name the patient) health records are and should be shared plus there are some diseases you may contract that your healthcare provider has to disclose by law.
Obviously your health records are shared with your health insurance policy holder, otherwise the bills wouldn’t get paid. However, if you choose not to share that information, it’s your right, provided you intend to pay for those services yourself.
“Your employer can ask you for a doctor’s note or other health information if they need the information for sick leave, workers’ compensation, wellness programs, or health insurance,” the HHS says. “However, if your employer asks your healthcare provider directly for information about you, your provider cannot give your employer the information without your authorization unless other laws require them to do so.”
Probably one of the most important rules is that you have the right to obtain your medical records. You may have to put the request in writing and pay to have them copied and mailed, but you should receive them within 30 days.
When you check your records, you have the right to change any information you think is incorrect. “For example, if you and your hospital agree that your file has the wrong result for a test, the hospital must change it. Even if the hospital believes the test result is correct, you still have the right to have your disagreement noted in your file,” HHS states.
By law, you can learn how your health information is used and shared by your doctor or health insurer and also, by law, you can choose the information you do not want them to share.
“If you go to a clinic, for example, you can ask the doctor not to share your medical records with other doctors or nurses at the clinic,” HHS explains.
The Privacy Rule doesn’t allow providers to tell your family or friends about your health unless you give them permission to do so. That said think about someone taking you to the Emergency Department. There will most likely be the assumption that you agree to having that person know the diagnosis and to fill a prescription or know what measures need to be taken for your comfort and recovery. It’s up to you to state it if that isn’t the case.
There’s too much HIPAA info to include it all here. Go to HHS.gov/hipaa to read it yourself.
Kathy Hubbard is a member of Bonner General Health Foundation Advisory Council. She can be reached at 264-4029 or firstname.lastname@example.org.