What’s HIP About the Health Information Privacy

These days a growing number of Americans are fearful about the privacy of their health information. And probably for good reason. Clearly the likelihood of ones private data being disseminated to untold places is growing exponentially by the day as a result of the movement afoot to shift medical records from paper to the electronic age.

It used to be that the intimate details of your health history were secured in one location, typically on the shelves of a hospital or physician office. As a former health care administrator I have seen endless miles of patient files in the medical records departments and have often wondered how vulnerable they are to the curiosity of snooping eyes. With the advent of electronic systems the security of these records has become even more uncertain. Untold numbers of individuals who work for physician offices, hospitals, insurance companies, and myriad other businesses associated with the medical field now have access to this sensitive information. Even worse, this information has made its way into the hands of many hungry marketers eager to solicit your interest in their various products and services.

In part to address the growing public concern regarding the transfer, privacy, and security of health information, Congress passed the Health Insurance Portability and Accountability Act of 1996, otherwise known as HIPAA. Specifically the HIPAA Privacy Rule, which became effective in 2003, provides important provisions for most health care providers, health plans, and health care clearinghouses regarding the use and handling of patient health information.

Is there reason to believe that the confidentiality of your health information is at risk? This and a number of other issues related to medical privacy were the recent focus of a California HealthCare Foundation survey of 2,100 adults sponsored in conjunction with Forrester Research. The findings: Two-thirds of respondents indicated that recent media attention around security breaches have raised their concerns about privacy. In addition, 52% expressed concern about employers using medical information to limit job opportunities. In general, the results of this survey showed that while consumers have an awareness of the benefits of electronic medical records, they are generally concerned about their misuse and lack any appreciable knowledge about their privacy rights.

In light of the changing landscape relative to how health information is being stored and transferred, there is more reason than ever to care about your privacy. Regardless of how often you use the healthcare system it is important for you to have a basic knowledge of your rights under HIPAA as well as some basic steps that you can take to reduce the inappropriate dissemination of your information.

Here is a brief list of things to consider in your efforts towards developing privacy safeguards:

Access: For many years, patients’ right to their own medical records were governed solely by their state of residence with about half of these states imposing very strict restrictions on access. As is the case with laws governing credit reports, HIPPA now provides everyone with the right to see, copy and make requests to amend their own medical records. This is an important provision in that it allows you the opportunity to ensure that your information is accurate as well as request that incorrect information be corrected or amended.

It is also important to note that outside of a few exceptions, you can also find out who has accessed your records over the past six years. Again this provision this is very similar to the rights that you have with respect to your credit report.

Notices and Authorization: If you’ve recently had a first time visit to a new a doctor, picked up a prescription at a local pharmacy or were admitted to a hospital as an inpatient you likely received a HIPAA privacy notice which explains how your medical information will be used and disclosed as well details on how to file a complaint with your healthcare provider or government agency in the event of a violation. Just the other day my wife just received one along with a pile of other forms that she was asked to complete on her initial visit to a physician. It included an authorization form which if you are like most patients, you immediately sign without reading it.

A word to the wise: Read these authorizations carefully being particularly attentive to your options regarding restrictions and refuse to sign those that you are uncomfortable with. Always keep in mind that that if you fail to carefully review this information you may among other things end up authorizing the release of your health information into the wrong hands for the wrong reasons.

Raising Concerns: Given the growing public concern about the prevalence of identity theft, I felt compelled recently to let a medical office receptionist know that I would not be listing my social security number on the forms that they asked me to complete prior to my physician visit. My thinking was that all of my information was already in their computer so why should I fill out another form that has the potential to further expose my information. Their response? “Not a problem!” The message here is simple: If you have a concern about the safety of your information let your physician, insurance company, or any one else that has access to your sensitive information know about it. Despite the fact that there are laws in place to protect you, the safety of your information is ultimately your responsibility.

Private Discussions: During my health care administration days in the late 1980s, I was always taken aback by the number of physician conversations regarding patients that occurred in the hospital elevators, cafeterias, and other public locations. Fortunately HIPAA has quelled some of this chatter – a good move given the potential impact that it could have on a family member who inadvertently overhears a sensitive conversation about a loved one.

Did you know that you can choose who you want your medical information discussed with whether it be a family member, close friend, or relative? Were you aware that you can designate that telephone calls regarding your medical condition or treatment be made to you at home? These are among the small but important things to consider when it comes to protecting your privacy rights.

Complaint Filings: If you believe that a health care provider, health plan, or health care clearinghouse has clearly violated your privacy rights, HIPAA offers special provisions, which allow you to file a complaint. While registering a complaint may not lead to immediate changes, it does put those who have a responsibility for the privacy of your information on notice that their lack of concern will not be tolerated. Many who receive a complaint however are likely respond simply out of fear of the potential civil and criminal penalties that could be assessed if the feds were to go after them.

To demonstrate the importance of this type of privacy protection consider a recent visit of mine to a family physician. While I was checking in with the front receptionist I happened to notice some papers on her desk in plain view for everyone to see containing medical information on about a half dozen patients. These papers which I might add contained the patients’ social security numbers could easily have ended up in the wrong hands and created some major issues for the individuals affected.

In conclusion, while protecting your health information may appear to be an exercise in futility, you play an important role for yourself and others in assume accountability for those areas that you can control. The HIPAA Privacy Rule despite its shortcomings provides an underutilized mechanism for safeguarding the dissemination and integrity of this information – a rule that if we all make prudent use of could go a long way towards increasing the public’s support and confidence in electronic health records.

Leave a Reply

Your email address will not be published. Required fields are marked *


two − = 0