In 1996, the United States Congress enacted the Health Insurance Portability and Accountability Act (HIPAA). The act protects health care coverage for displaced workers, enforces national reporting standards for health care providers, insurance companies and employers, and also protects the privacy and security of medical information. The Office for Civil Rights is charged with enforcing and upholding the HIPAA Privacy Rule. The rule both protects citizens against unauthorized use of their health records and allows medical providers to access this information to provide medical care. There are many facets to the HIPAA release of information laws.
The HIPAA laws mean only authorized individuals or organizations can have access to your private medical records. Anything a doctor, nurse or other health professional has written or discussed about your personal medical treatment is confidential. Medical data held by your health insurance company is also confidential, as is any billing information held by a medical facility or your health insurance company. HIPAA restricts who can request and access your personal medical information.
Still, it is important your medical provider have access to your health history. That's why your information can be shared if it is needed for medical care. And unless you restrict it, people who may be involved with your health care such as your spouse, parents, family, or others may be informed about your treatment or your medical bills. Your information can be shared to assist providers in requesting payment for services. Other provisions include reporting gunshot wounds to the police, or protecting public health when there is an outbreak, such as the flu.
There are entities who cannot receive your medical information without your written permission, such as your employer or those who wish to use your information for advertising or marketing.
Your HIPAA Rights
As a consumer, you have rights when it comes to your medical records. Your insurance company and any medical providers must honor certain requests you may make. These requests include viewing and obtaining a copy of your medical records, making corrections to your medical records and knowing how and why your records may be or have been used. You also have the right to deny the use of your records for marketing or advertising purposes.
If your HIPAA rights are violated, you have a few options. You can file a complaint with your medical provider, health insurance company or the U.S. Government. It's a good idea to discuss your HIPAA rights with both your doctor and your health insurance company to ensure you are being protected.
There are some institutions that may have your health or medical information that are exempt from HIPAA laws, and are not required to follow the privacy and security rules. Your employer, life insurance company and workers compensation insurance company are all exempt. Certain schools and school districts are also exempt from HIPAA laws, as are state agencies and law enforcement agencies. It is important you understand your HIPAA rights before you consent to release any information to organizations who are not required to comply with the privacy and security rules.