HIPAA is a monumental act in American history, offering protection for patient’s health information in a constantly changing health care environment. With the multi-stakeholder payment and reimbursement processes, HIPAA serves as a protection for patients that the parties managing their information must follow. In order to be an informed consumer of health care, patients should strive to familiarize themselves with the policies that affect their personal information and relationships with care providers and payers. The questions below detail three areas that patients may not know about the HIPAA law.
HIPAA is an acronym that represents the Health Insurance Portability and Accountability Act. While knowing the full name of the policy is important, just stick with HIPAA for general conversations. The four-letter representation is widely accepted and understand by most everyone working in the health care environment.
What are my rights under HIPAA?
Many patients have asked their physicians and other medical staff to clarify how HIPAA affects them, their children and the personal information associated with their medical care. Primarily, HIPAA affords patients the right to obtain a copy of their health information regardless of their payment status with the physician or hospital system. While a patient can request a paper copy of their medical information, it is also within the rights of any patient to request an electronic copy of their medical record; this includes labs and test results. Patients should also be aware that under HIPAA, a healthcare provider who initially conducted a test or other exam is not liable for the security of any information after it has been sent along to another organization such as a payer or clearinghouse.
Additionally, HIPAA provides detailed specifications governing what information family and friends are able to attain from a patient’s physician. A patient generally has to provide permission, either written or verbal, before a health care provider can provide any details about diagnosis, treatment or payment to a friend or family member. A patient can imply consent over information sharing by bringing an additional person to a health care examination or meeting with a physician. In extreme circumstances, such as a debilitating injury or surgery, the treating physician will use his or her discretion to share medical information with family and friends involved in care decisions and payment. For instance, if a patient is unconscious from having her gallbladder removed, the physician will share her condition with a spouse; however, the physician will not share unrelated information about past medical problem or unrelated procedure, such as a wisdom teeth removal.
Are any organizations that hold my information exempt from HIPAA?
Yes. The Privacy Rule does not apply to employment records which sometimes contain medical information. Differentiating an employment record from an employer-sponsored health plan is important to understanding how this exemption affects patients. The Privacy Rule ensures that any information related to your medical plan is protected. For instance, if your BlueCross BlueShield is your insurance carrier, a representative from the insurance company will never share any reimbursement details with an employer as this would be a flagrant HIPPA violation. However, if an employee needs to take medical leave for a condition, he or she may be required to submit a note from a physician or insurance provider which would then be held in the unprotected employment record.
Understanding patient rights under HIPAA is an important component of being able to advocate for the best health care possible. When patients have a strong understanding of how policies impact their relationship with a physician, insurance carrier and employer, they can make more informed decisions about care and personal information disclosures.
Written by: Meagan Bates