What is HIPAA?
We’ve all been there: a new patient at the doctor’s office or hospital, where a lot of information is thrown at you. And buried in that packet of paperwork is a very important form that few people ask about: a summary of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which protects your health information from getting into the wrong hands. Former President Bill Clinton signed HIPAA into law in 1996. Here are 10 things to know about your rights and protections as a patient under HIPAA.
How is it activated?
Most people confront HIPAA for the first time at the doctor’s office. “[The form summarizing HIPAA] is something that you get every time you go to the doctor, and you have to sign it,” says Lisa McGiffert, director of the Safe Patient Project, launched by Consumers Union, the advocacy arm of Consumer Reports. It entitles you to your medical records, and allows you to get a list of the entities that have access to your records, she adds. You can also place restrictions on who gets access to your medical records.
Who can access your information?
If you’re getting a general checkup, your physician and insurance company have access to your records, McGiffert says — unless you pay out of pocket and request that the insurance company not get a copy in order to conceal certain conditions that might affect premiums. If your condition is more complex, like cancer, a much wider network will receive your information because more physicians are involved in your care, McGiffert adds. Also, whoever accompanies you to the hospital or doctor’s office (provided it’s a family member) gets access.
Who doesn’t get access?
Your employer. “You could have your health information shared with your employer, but only with your permission,” McGiffert says. Family members who haven’t been approved by the patient also don’t get access, says Deven McGraw, a District of Columbia-based attorney specializing in health privacy issues at Manatt Phelps & Phillips LLP.
Who also doesn’t get access?
The media. Journalists must go through a hospital’s public relations department to access any patient information, and that information is only available on a very limited basis if a patient has been listed in an institution’s directory. Read on for more details on what can and can’t be shared.
What can be shared?
If you are hospitalized, and you or a designated family representative chooses to have you listed in the patient directory, media or other members of the public can confirm that you are hospitalized and be given a one-word condition report, according to patient privacy experts. Only with your permission — or a legal guardian’s green light — can they access more.
When do patients typically request anonymity?
Some people — high-profile athletes, for example — will choose to remain anonymous, and victims of domestic violence, gunshot wounds and other sensitive situations will typically automatically be made nondisclosure patients. So if a journalist or anyone else calls to inquire about the patient, no information is provided — even if the journalist has confirmed the patient’s hospitalization with a family member or the authorities.
How can you access your records?
You can get a copy of your medical records at the doctor’s office in whatever format you wish — be it on paper or via email, even if the Internet connection isn’t secure, McGraw says. You can also request an amendment to your records if you see errors, she adds. This could include an incorrect address or medication attributed to you but prescribed to a patient by the same name.
How frequent are violations?
HIPAA violations are rare. Breaches are most often innocuous — a health document or thumb drive containing protected data gets misplaced. Of course, there are those who intentionally snoop, usually because they know the patient and are curious about his or her status.
Are pictures allowed?
With a patient’s consent, family members and friends can typically take pictures of the hospitalized patient, preferably in the privacy of his or her room. Taking pictures in public spaces is often off-limits because it risks capturing other patients. Most hospitals have policies generally forbidding anyone from videotaping the administration of health care without express permission from the hospital or patient or legal representative, whether a baby is being delivered or an IV is being placed. This is designed to protect patients, providers and the hospital.
Do HIPAA protections ever expire?
HIPAA protects your privacy for 50 years after your death, McGrew says. That said, hospitals must report cause of death to the local coroner’s office, as well as the public health department. Your medical representative is the only person who has a right to your medical records, however. Researchers can also access certain information that is relevant to their research, McGrew adds.
More from U.S. News
How to Be an Empowered Patient
10 Essential Items to Pack in Your Child’s Hospital Bag
10 Questions Doctors Wish Their Patients Would Ask
HIPAA: Protecting Your Health Information originally appeared on usnews.com
