So. How are you? How do you feel?
What you tell friends, neighbors and co-workers—or post online—about your day-to-day well-being is, of course, up to you. In our digital world in which everybody knows almost everything, your health is one of the few things that you can still keep private.
While following the latest health care industry reforms and rules can make even the healthiest folks queasy, laws can help keep your personal health information and records confidential without giving you a headache.
Take a painless scan of your health privacy rights.
Help From HIPAA
Ancient physicians included in their famous oath a promise to keep patients’ secrets private, but it took the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to establish national privacy standards.
HIPAA’s privacy rule, issued by the U.S. Department of Health and Human Services (HHS), controls the use and disclosure by health care providers and plans of an individual’s personal health information (PHI).
This federal privacy rule has your back when it comes to your health records. It requires your hospital, clinic, nursing home, pharmacy, doctors, dentists, chiropractors, mental health care providers and other covered folks, including their business associates and sub-contractors, to safeguard your private records and information.
The rule covers any health information with personal identifiers such as your name, address, social security number, phone numbers and birth date. And it includes information in any form – electronic, verbal or on dead trees – about your past, present or future physical or mental health care or condition, as well as payments for your health care.
It’s Your Info
Your personal health information belongs to you, and health care industry workers covered under the HIPAA rule must safeguard your information by keeping it private.
- You have the right to know and limit who sees your health information.
- Except for a mental health provider’s psychotherapy notes, you have the right to access copies of your medical and billing records and request corrections.
- Your health providers and plans must inform you about their privacy practices. In order to disclose or use your medical information protected by the rule, providers and plans must get your ok. And you don’t have to sing the HIPAA song.
When Do the Rules Allow Disclosure of Your Info?
Sometimes your personal information is not so private. A doctor never needs to ask for authorization before sharing protected health information, other than psychotherapy notes, with other doctors or health providers for the purposes of a patient’s care and treatment.
Other exceptions to the privacy rule may include emergencies; in connection with child abuse or neglect, law enforcement, medical research, or public health issues; or in response to a court order or subpoena.
Perhaps surprisingly, being a celebrity, including one named Kardashian, triggers no exception to the privacy rule.
Your Genome is Your Business
DNA can be as personal as it gets. The Genetic Information Nondiscrimination Act of 2008 (GINA) prohibits discrimination in health coverage and employment based on genetic information.
Under HIPAA, genetic information is considered personal health information that may not be used or disclosed by most health plans for underwriting purposes. This info includes genetic tests, genetic tests of family members, and family medical history. Of course, people who like attention can go on TV and talk about their own DNA.
Protecting HIV Privacy
The rule does not specifically mention AIDS, but like other health information, an individual’s HIV/AIDS status and treatment is protected under HIPAA.
Don’t Get Mad
If you feel a provider or other covered entity has violated your privacy rights, don’t take two aspirin and hope the breach goes away. Instead, file a complaint with the Health and Human Services Office of Civil Rights.
HIPAA violations carry criminal and civil penalties. And the new HIPAA omnibus rule made the penalties stricter.
States regulate health privacy too
The federal rule sets forth a minimum standard of privacy for medical records. States have enacted their own health privacy standards which may preempt HIPAA. Examine your state’s medical privacy law, courtesy of Georgetown University.
Healthier than paperwork
For healthcare providers, securing privacy is no digital game.
As health care continues to morph from paper records and hand-scrawled prescriptions into the 21st century world of health information technology, featuring electronic health records (EHR) and digital communications, new privacy risks are emerging.
In addition to the privacy rule, the HIPAA security rule establishes administrative and technical safeguards specifically covering “electronic protected health information” (ePHI).
And Congress enacted the Health Information Technology for Economic and Clinical Health Act (HITECH), part of the economic stimulus package in 2009, to advance the use of health IT to cut costs and improve care quality and efficiency. It’s complicated, but privacy means HIPAA and health IT must work together.
As the health care reform debate continues, here at Rocket Lawyer we discreetly say, be healthy, take care of yourself, and get comfortable with your health privacy rights. And of course, we can help you with health-related documents, from a HIPAA Authorization Form to a Power of Attorney.