When a person has health insurance coverage, they are required to pay the insurance company premiums in exchange for having the insurance company pay their medical bills. The cost of insurance premiums will vary depending upon the person’s coverage plan. Pursuant to health insurance laws at the federal level, health insurance coverage is not mandatory as of January 1, 2019. However, some states still require individuals to have health insurance coverage in order to avoid paying a tax penalty.

The Health Insurance Portability and Accountability Act (“HIPAA”) was enacted to reform healthcare in America. HIPAA’s main objectives include:

  • Protect health insurance coverage for working Americans who have pre-existing medical conditions when they change or lose their jobs;
  • Reduce healthcare fraud and abuse;
  • Enforce standards for health information; and
  • Guarantee security and privacy of health information.

HIPAA established federal standards to protect the security and confidentiality of a patient’s health information. The Act limits when and how health plans, pharmacies, hospitals, and other entities can use a patient’s private medical information.

It is important to note that nothing in HIPAA changes the way that a patient can grant another person power of attorney for health care decisions. State or local law governing power of attorney still applies, and nothing must be added to or changed in power of attorney documents in order to accommodate HIPAA regulations. Privacy rights granted to a patient under HIPAA are transferred to the person with power of attorney for health care decisions.

However, if a physician or other covered entity believes that the person with power of attorney has been abusing or is otherwise endangering the patient, the physician or covered entity is permitted to refuse to disclose the medical information. This is allowed only if it would be in the best interest of the patient.

What Are Patient Privacy Rights Laws?

A person has the right to view their own medical records. Generally speaking, a health care provider or any other holder of medical records is required to implement specific technical and administrative safeguards to ensure that information within those medical records is not accessible to just anyone.

However, a person can request a copy of their own medical records from their healthcare provider, or whomever else holds the information. The holder of that information is required to deliver the records to the person within 30 days. It is important to note that while a person has the right to obtain their own medical records, it is not illegal for their healthcare provider to charge them a fee for providing a copy of their records.

If a person’s employer is providing their health care plan, they are allowed to have some access to their medical information which would generally be kept confidential from an employer. However, the employer is only permitted to use this information in a capacity which is related to health care issues. Additionally, the employer is not permitted to share this information with any other employees in the company.

There are several federal laws which protect against the disclosure of employee medical records in the workplace. The general consensus is that an employer is held to strict confidentiality rules when acquiring and disclosing medical information of its employees.

Unless a human resources employee, supervisor, or manager has a legitimate need to know, an employer that discloses private medical information is likely breaking the law. An employee may be able to file a federal complaint and seek compensation for the damages that they suffered through a civil lawsuit.

Federal laws governing privacy of medical records include:

  • The Family and Medical Leave Act (“FMLA”);
  • The Americans with Disabilities Act (“ADA”);
  • The Genetic Information Nondiscrimination Act (“GINA”);
  • The Pregnancy Discrcimination Act (“PDA”); and
  • The Health Insurance Portability and Accountability Act (“HIPAA”).

There are only four circumstances in which it may be permissible for an employer to share an employee’s private medical information; these are exceptions to the rule, not rules themselves. These exceptions may include disclosing information to:

  • A manager or supervisor, when disclosure is necessary to provide reasonable accommodations for an employee under the ADA;
  • Safety personnel and first aid providers, if that employee needs emergency medical treatment;
  • Authorized personnel in the course of a state or federal workplace investigation; and
  • Authorized personnel in the course of a worker’s compensation or an insurance claim.

Do I Have The Right Of Privacy For Medical Information In California?

California state laws, as well as new federal regulations, provide patients rights to help keep their medical records private and confidential. As such, every California medical patient has limits on who can view and see their health records. They can also set limits on what and who can see their medical information. Sharing of medical information can be a problem because information contained within your medical records may be used against your best interest.

Examples include how:

  • Your employer may inquire if you have a mental problem or a serious disease that could cause you to perform poorly at work;
  • Insurance companies seek to access medical information in order to increase your premiums; and
  • Attorneys may access medical records to stop you from winning a lawsuit.

California has stringent privacy making it difficult for other people to access your medical information. Unlike the Federal Constitution, the California Constitution specifically protects a person’s medical information privacy.

The premier medical privacy statute in California is the Confidentiality of Medical Information Act (“CIMA”). CIMA protects the medical history, condition, and treatment of ailments, including:

  • Sexually transmitted diseases;
  • Rapes; and
  • Mental diseases and disabilities.

A healthcare provider cannot disclose medical information unless authorized by the:

  • Proper court of law;
  • Law enforcement or health agency; and/or
  • Other governmental entities.

Another California medical privacy statute would be the Insurance Information and Privacy Protection Act (“IIPPA”). IIPPA prevents insurers and their agencies from revealing certain medical information obtained about a client. Additionally, the Lanterman-Petris-Short Act broadly prohibits providers of healthcare services from disclosing patients’ private information, except to the courts as necessary.

What Else Should I Know About Privacy Of Medical Information In California?

Medical information privacy laws keep Californians secure in the knowledge that they will not be fired from their jobs for consulting with a doctor about their medical health issues. In order for a health care system to work, patients need to have complete trust and confidentiality that their doctor will not share their private health information with the public.

California employees can limit what health information their employer has access to, or even prevent their employers from receiving most health information about them. Doctors, insurance companies, and other healthcare providers must ask for an employee’s written permission before they can give medical health information to the employer.

California patients can give consent to share and disclose their health information by signing an authorization that describes:

  • What they are disclosing;
  • The person who is receiving the health information; and
  • The purpose for the use of the information.

Violations of privacy rights are generally remedied through a civil lawsuit in which a damages award may be issued in order to compensate the plaintiff for losses caused by the violation. An example of this would be the improper disclosure of health records which causes a person to lose a personal injury suit. Upon discovery of the abuse of privacy rights, it may be necessary to file an appeal in order to review the use of the medical records in the personal injury suit.

Do I Need A Lawyer For Help With Privacy Of Medical Information In California?

If your medical information privacy rights have been violated, you should consult a California employment lawyer. Your employment attorney can help you understand your legal rights and options according to California law, and will also be able to represent you in court, as needed.