The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was initially enacted to ensure that a person’s health insurance coverage remained protected if that person changed jobs. In 1999, Congress added HIPAA’s Privacy Rule to the legislation to protect a patient’s health information. Generally, a person’s health information is confidential; there are, however, exceptions.
Laws May Authorize Disclosure
If a state or federal law authorizes medical disclosures, then the HIPAA privacy rule does not apply. Common examples of laws are legal process rules such as a subpoena or court-ordered disclosure. For instance, if paternity of a child is contested and a man is refusing to pay child support, a court may order that the man’s medical record containing genetic information be disclosed to determine the paternity of the child.
Disclosure for Public Safety Reasons
In 2009, many people in countries across the world were stricken with the H1N1 virus, a deadly flu virus. Health care professionals in the United States would be authorized to disclose health information of persons infected with H1N1 to public health authorities to control the disease. The HIPAA Privacy Rule, therefore, does not protect a person’s health information when the person has a communicable disease or if the person’s health must be disclosed for public safety reasons.
Other public safety reasons include when a health professional believes that the person whose health information is at issue may harm themselves or may harm someone else. Verified threats to commit suicide or to harm another person give rise to an exception to the HIPAA Privacy Rule. This way, health care professionals can report incidents to the proper authorities and hopefully prevent harm from happening.
Certain "Administrative" Disclosures Allowed
“Administrative” disclosures are disclosures made to various agencies such as collection agencies when medical bills are unpaid or the U.S. Department of Veteran Affairs so that the agency can determine a veteran’s eligibility for benefits. Other agencies, such as health oversight agencies, may have access to health information for audit and investigative reasons. Additionally, funeral directors, coroners, medical examiners and certain researchers who have institutional board review approval can access health records.