Yes, this process is called de-identifying. De-identified patient data is health information from a medical record that has been blacked out. All details that can identify a patient are hidden from a third party.
Under the HIPAA laws, certain rules allow blacked-out or “de-identified” health information to be revealed to a 3rd party and used without limitation. This process removes specified identifiers or information that can identify a person, such as the patient’s birth date, household members, employers, etc.
What Is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was passed to reform healthcare in America. HIPAA has several objectives:
- Protect health insurance coverage for working Americans who have pre-existing medical conditions when they change or lose their jobs
- Lower healthcare fraud and abuse
- Implement standards for health information
- Guarantee security and privacy of health information
How Does HIPAA Protect My Privacy?
HIPAA designated federal standards to safeguard the protection and confidentiality of a patient’s health data. It restricts when and how health plans, pharmacies, hospitals, and other entities can use a patient’s private medical data.
Can a Person with Power of Attorney Access Medical Information?
Nothing in HIPAA changes how a patient can give another person power of attorney for health care decisions. The normal state or local law governing power of attorney still applies, and nothing needs to be added to or changed in the power of attorney documents to accommodate HIPAA regulations. Privacy rights given to a patient under HIPAA are assigned to the individual with power of attorney for health care decisions.
However, suppose a doctor or other covered entity thinks that the individual with power of attorney has been abusing the patient or threatening the patient. In that case, the doctor or covered entity is entitled to refuse to disclose the medical information if it would be in the patient’s best interest.
Do I Have the Right to See My Own Medical Records?
An individual does have the right to view their medical records. Typically, a healthcare provider or any other holder of medical records must implement certain technical and administrative safeguards to ensure that data within those medical records are not available to anyone.
Nevertheless, an individual can request a copy of their medical records from their healthcare provider or whoever else holds the information. The holder of that information must supply the documents to the person within 30 days.
It is important to note that while people have the right to obtain their medical records, it is not unlawful for their healthcare provider to charge them a fee for delivering a copy of the records. These costs may differ by state as well as by healthcare institution.
Does My Employer Have the Right to See My Medical Records?
An individual’s healthcare provider is typically prohibited from discharging any information regarding their health records to anyone, including their employer. If, however, the person’s employer is supplying their health care plan, they are allowed to have some access to the person’s medical information, which should generally be kept secret from an employer.
The employer is only allowed to use this information in a capacity related to health care problems. In addition, the employer is not allowed to share this data with any other employees in the business.
Can My Employer Disclose My Own Medical Records to Anyone?
Several federal laws protect against the disclosure of employee medical records in the workplace. Although the language of each law is slightly distinct, the consensus is that an employer is held to strict confidentiality regulations when dealing with obtaining and revealing the medical information of its workers.
Unless a human resources worker, supervisor, or manager has a legitimate need to know, an employer that reveals private medical data is most likely breaking the law. Depending on the circumstances of the case, an employee may be able to file a federal complaint and pursue compensation for the damages they suffered through a civil lawsuit.
Federal laws governing the privacy of medical records include:
- The Family and Medical Leave Act (FMLA);
- The Americans with Disabilities Act (ADA);
- The Genetic Information Nondiscrimination Act (GINA);
- The Pregnancy Discrimination Act (PDA); and
- The Health Insurance Portability and Accountability Act (HIPAA).
There are only four circumstances where it may be acceptable for an employer to share an employee’s private medical data. It is essential to mention that these are exceptions to the rule, not the rules themselves.
These exceptions may include revealing information to:
- A manager or supervisor when that medical information is necessary to deliver reasonable accommodations for an employee, which generally falls under the ADA;
- Safety personnel and first aid providers if that worker should need emergency medical treatment;
- Authorized personnel in the course of a state or federal workplace investigation; and
- Authorized personnel in the course of a worker’s compensation or an insurance claim.
Do I Have to Disclose Information about Therapy Sessions?
Mental health providers, including therapists and psychologists, are not required to disclose information regarding mental health and generally do not do so unless they get consent from the patient.
Employees cannot be denied benefits from a health plan merely because they have not revealed private data regarding their mental health.
What is the Privacy Rule Added to HIPAA?
In 2002, the Privacy Rule was added to the Health Insurance Portability and Accountability Act (HIPAA) of 1996. For the first time, this rule established national standards to protect the privacy of personal health information. This rule works in collaboration with state law, such that, where clashing, the more strict provision will rule.
The Rule permits blacked-out, redacted, or “de-identified” health information to be disclosed and used without restriction. This process removes specified identifiers, such as the patient’s birth date, household members, employers, etc. De-identified health information does not identify or deliver a reasonable basis to identify a patient.
Most cases have permitted the use of medical records with names blacked out. Yet, a recent court decision did not permit the disclosure of medical information of 45 women who had late-term abortions, even if their names were blacked out. The court stated that it would still be an invasion of privacy because it would be emotionally challenging for the women to comprehend that their records were being accessed.
Another element coming from the case is that an attorney needs to have a sound reason to get the medical records.
Who Is Covered by the Privacy Rule?
The Privacy Rule under HIPAA applies to all health plans, healthcare provider homes, and any healthcare provider that transmits health information in an electronic form. Individual and group plans that supply or pay the cost of medical care are covered entities.
Do I Need an Attorney?
HIPPA laws and regulations regarding medical claims can be very complicated. Medical cases can be costly to pursue because they concern extensive research. Transgressing a patient’s privacy rights under HIPAA can carry serious criminal charges and civil damages. The benefit of an attorney would be invaluable.
An attorney can explain the law to you and ensure that you comply with HIPAA’s privacy requirements.
If you feel your rights have been violated under HIPAA, you may want to contact an insurance lawyer. Your attorney can advise you of your rights, help you file a complaint against the specific agency that transgressed your privacy through the illegal use of your records, and let you know if you may be permitted to any remedies.