The Health Insurance Portability and Accountability Act (HIPAA) is a law which was enacted for the purpose of reforming healthcare in America. The Act has several objectives, including:
- Protect health insurance coverage for employed Americans with pre-existing medical conditions when they change or lose their job;
- Reduce healthcare fraud and abuse;
- Enforce standards for health information;
- Guarantee security and privacy of health information;
- Protect against unauthorized uses of information;
- Prevent disclosures of private information; and
- Preserve the reliability of the information.
What Types of Medical Information are Protected by HIPAA?
There is a wide variety of information which is protected from being disseminated under HIPAA, including:
- Financial Information;
- Administrative transactions;
- Health claim information;
- Program eligibility information; and
- Health insurance.
Who Must Follow the HIPAA Guidelines?
There are numerous entities in the medical profession which are required to abide by the guidelines provided by HIPAA, including:
- Physicians; and
- Health insurance providers.
How Does HIPAA Protect My Privacy?
HIPAA protects the privacy of individuals by its established federal standards which protect the security and confidentiality of the health information of patients. HIPAA limits how health plans, pharmacies, hospitals, and other entities are permitted to use a patient’s private medical information.
What Are Medical Health Records?
Medical health records are an individual’s documents which relate to:
- Medical treatments;
- Medical diagnoses;
- Surgeries; and
- Other medical information.
These records are usually kept by the individual’s health care institution, such as a hospital. Medical records may be quite exhaustive.
In some cases, medical records may contain extremely private information about a patient. In general, an individual’s medical health records cannot be accessed without their permission and without the patient receiving notification.
Medical health records may be consulted for various applications, including insurance applications or immigration requests.
Can a Person with Power of Attorney Access Medical Information?
There is nothing in HIPAA which alters the way a patient is able to grant another individual power of attorney for their health care decisions. The state or local laws which govern power of attorney will still apply.
There is nothing that needs to be altered or added in a power of attorney document to accommodate HIPAA regulations. Privacy rights which are granted to the patient pursuant to HIPAA are transferred to the individual with power of attorney for health care decisions.
If, however, a physician or other covered entity believes that the individual who holds the power of attorney is abusing the patient or otherwise endangering them, the physician or covered entity is permitted to refuse to disclose medical information if that would be in the best interests of the patient.
Can Information be Blacked Out Under HIPAA?
Yes, information may be blacked out pursuant to HIPAA using a process called de-identifying. Information from medical records which has been blacked out is referred to as de-identified patient data.
Pursuant to HIPAA, certain rules permit blacked-out or de-identified health information to be revealed to a third party and used without limitation. This process will remove specific identifiers or information which can be used to identify an individual, including their:
- Birth date;
- Household members;
- Employer; and
- Other information.
Do I Have the Right to See My Own Medical Records?
Yes, an individual has the right to review their own medical records. Usually, a healthcare provider or another holder of medical records must implement certain technical and administrative safeguards in order to ensure that the data contained within those medical records is not available to anyone.
An individual may request a copy of their medical records from their healthcare provider or the entity who holds the information. The holder of that medical record is required to supply the documents to the individual within 30 days.
It is important to note that although individuals do have the right to obtain their medical records, it is now unlawful for the healthcare provider or other entity to charge a fee for delivering a copy of those records. The costs for the service may differ by healthcare institution as well as by state.
Does My Employer Have the Right to See My Medical Records?
Typically, an individual’s healthcare provider is prohibited from providing any information regarding their health records to any individual or entity, including their employer. If, however, the individual’s employer is providing their health care plan, the employer is permitted to have some access to the individual’s medical information which should generally be kept from an employer.
An employer is only permitted to use the information in a capacity which is related to health care issues. Additionally, an employer is not permitted to share the data with any other employees of the business.
Can Medical Health Records be Accessed in a Personal Injury Lawsuit?
One particular concern related to medical records is whether they can be accessed for a personal injury lawsuit. In general, the communications between a doctor and a patient are confidential if they are made in connection with a lawsuit.
Although a medical health record will be created, the information is considered to be privileged, or confidential. Gaining access to medical records for a personal injury claim will be subject to various legal procedure rules.
For example, if an individual’s neck was injured as a result of a car accident and they consult with a physician in order to estimate the damage costs in a lawsuit, the other driver cannot have access to the consultation records. In some cases, however, this type of information may be required to be released upon an order of the court.
What if I am Involved in a Dispute Over Medical Health Records?
The unauthorized release of an individual’s medical health records is prohibited by law. This information is, in some cases, sought for the purpose of marketing and advertising.
For example, pharmaceutical companies may wish to obtain certain information to determine which types of medication are popular. Insurance companies may also seek to learn similar information.
These types of organizations are only permitted to access information in a way which is legal and in accordance with procedural rules. If an entity fails to abide by the legal requirements for accessing medical records, it may result in a health record privacy dispute.
In these types of cases, a plaintiff may be awarded damages for losses or injuries which resulted from the illegal accessing of their medical health records.
Do I Need a Lawyer Experienced with HIPAA Laws?
HIPAA laws may be quite complex. The penalties for violating the privacy rights of a patient under HIPAA may carry serious civil damages and criminal charges.
If you have any issues, questions, or concerns related to HIPAA, it may be helpful to consult with an insurance attorney. Your attorney can advise you regarding the laws, how they apply to your case, and whether you or your healthcare provider are in compliance with the HIPAA privacy requirements.
If you feel your rights have been violated under HIPAA, your lawyer can advise you of your rights and assist you with filing a complaint against the entity who violated your privacy as well as advise you whether you may be entitled to any remedies. If you are a healthcare provider or entity, your lawyer can review your policies and practices and ensure that you are in compliance with HIPAA requirements.