A Patient’s Guide to HIPAA Rights

Medical record keeping procedures have evolved rapidly in the past few decades, necessitating better controls to protect the efficiency and integrity of patient information.

In 1996, a law was passed which was called the Health Insurance Portability and Accountability Act (HIPAA). Medical records created and stored on computer hard drives were at risk of being hacked, thus jeopardizing patient privacy and confidentiality.

To protect information, safeguards were enacted to control access to medical records. For example, when an employee of a medical facility walks away from their computer, they are required to take steps to secure the system.

The employee is instructed to carefully guard all passwords to programs, so the electronic health records cannot be accessed by anyone except authorized individuals.

Patients’ Legal Right to Privacy Information

The doctor-patient relationship is of utmost importance. Patients depend on their health care providers to plan, facilitate, and monitor medical care in a safe and confidential environment.

When you present to the doctor’s office, before you receive treatment, you check in and receive pertinent paperwork. One print-out you should receive regularly is the Notice of Privacy Practices that apply to that medical practice.

The office is required by law to display a copy of this notice in an observable place, usually near the receptionist’s window.

Information about the ways a patient’s personal medical information will be used and to whom it may be disclosed must be outlined, along with the name and contact information of the person to whom questions, and concerns should be addressed.

Finally, the date the notice became effective or was updated is required to be publicly
displayed.

HIPAA’s Security Rule – Your Rights Regarding Your Health Information

As a patient, you have control over who can see your information. The provider cannot refuse to provide information to you because you have unpaid medical bills.

Having access to your medical records puts you more in control of your health and medical information. When you request the information, you will be asked whether you would prefer to have it in printed form or online.

You have a right to have your records sent to a third-party person or entity upon written request. Choose wisely who you share your health information with. If the recipient is another doctor’s office, your information will be protected there under the same HIPAA rules they had at the original office.

Should you choose to have a printed copy to keep at home, store it in a lockable drawer or fireproof lock box for safe keeping. If it is an online copy, keep it carefully protected by a strong password that only you (and maybe your medical representative) have access to.

What Covered Entities or Organizations Must Follow HIPAA Rules?

  • Healthcare Providers who keep online electronic records
  • Health Plans such as Medicare, Medicaid, most insurance companies and HMOs
  • Clearinghouses that process medical information, such as for billing purposes

Business Associates, Contractors and Subcontractors

Other persons or organizations who assist covered entities in processing or storing protected patient information must enter into contracts assuring proper use and confidentiality/privacy handling of all online or printed information.

What Kinds of Personal/Medical Information Is Protected?

  • Information in your medical record placed there by doctors, nurses, and other health professionals
  • Discussions between your doctor and nurses/medical personnel about your care and/or treatment
  • Any information in your provider’s computer system that concerns you
  • Financial/billing information about you in the provider’s computer system
  • Most personal/medical information about you in the possession of those bound by the HIPAA regulations

Conclusion

HIPAA gives you the peace of mind that your valuable information cannot be disclosed to anyone without your written consent. It cannot be shared with your employer or for purposes of marketing or advertising.

Some exceptions are made for cases such as gunshot wounds which may be shared with law enforcement, information about epidemics (such as flu) provided to public health agencies, and information needed to safeguard the cleanliness and safety of nursing homes.