HIPAA: Protection of Patient Privacy
What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act. The federal law originated in 1996 and protects the privacy of a patient's personal and health information. The purpose of HIPAA is to keep medical records and other individually identifiable health information completely private. HIPAA gives patients increased control over their health information.
You've probably signed plenty of HIPAA forms. HIPAA is very important to health care providers of all specialties because patient privacy is a top priority. Doctors, dentists, optometrists, and other healthcare providers are required under HIPAA to provide each patient with a Notice of Privacy Practices at the time of their first visit. Patients must provide a signature, agreeing that they have received a copy of the HIPAA privacy practices. A signature is only required once, no matter how many times you visit the provider.
What information does HIPAA protect?
Information protected by HIPAA includes anything oral or recorded in any form or medium. All information, whether in the past, present, or future, is safeguarded. Physical and psychological health conditions, provisions of care, and payment information are all protected. Examples of protected health information:
- Patient's name, address, birthdate, age, phone and fax numbers, and email addresses
- Medical records, diagnoses, lab work and test results, medical images, and prescriptions
- Billing records, claim data, referral authorizations, and explanations of benefits
- Electronic records, paper records, and oral communications
Healthcare providers are obligated to carefully manage and protect patients' personal information. Healthcare providers are allowed to use patient information for treatment of the patient, payment of bills, and healthcare operations, such as audits, quality improvement, teaching, and government reporting.
Access to healthcare information by healthcare providers is based on "need to know" and "minimum necessary" principles. Healthcare workers should only access information if it is necessary for providing the best patient care. When information is accessed, only the minimum amount of data necessary should be retrieved. Information can be communicated between healthcare providers, such as nurses, doctors, pharmacists, and lab technicians, as long as they are involved in the patient's care. Information may also be communicated to family and friends of the patient if they are involved in the patient's care, unless a patient has objected to sharing personal information. Parents, guardians, and medical powers of attorney can be spoken with as if they are the patient.
What are the rules about disclosing personal information?
Under HIPAA, personal healthcare information can be released to law enforcement without patient permission under certain circumstances. These include:
- Court orders and subpoenas
- Identifying suspects, witnesses, or missing persons
- Reporting about victims of crime, neglect, or abuse
For any other uses, an authorization form must be signed by the patient prior to the release of information. There is special protection for:
- Psychotherapy notes
- Drug and alcohol abuse treatment records
- Research records
- Communicable disease information
- HIV/AIDS status
- Genetic testing
- Evaluation and treatment of mental health disorders
Mental illness medical records have additional safeguards under the law and are treated differently from other types of medical records. Patients being evaluated and treated for mental health problems have the option to be excluded from the facility directory. The facility directory is like a roster of all the facility's patients. HIPAA allows patients with mental health disorders or substance abuse problems to be treated and/or admitted under complete confidentiality. Victims of violent crimes and abuse are also excluded from the facility directory, giving them complete anonymity.
HIPAA requires health care workers to protect patient privacy. Employees who do not comply can face disciplinary action. Privacy violations can occur in many different ways. A nurse and physician discussing patient information in a crowded elevator is a verbal violation of patient privacy. Faxing personal health information to the wrong number is another example of a privacy breach. Criminal penalties for wrongful disclosure can be as high as $250,000 and up to 10 years in prison. Healthcare workers are educated regularly on HIPAA guidelines.
In a world where identity theft is unfortunately common, access to patient information must be highly restricted. HIPAA prioritizes patient privacy. So the next time you're signing pages upon pages of forms at the doctor's office, remember that HIPAA is very important because it protects your irreplaceable personal information.