HIPAA is a federal law that protects your medical information and history.
Doctors, health insurance companies, and third-party providers must follow HIPAA.
If you suspect someone has violated HIPAA, you can report it to the Office for Civil Rights.
The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is a law that ensures your privacy and security by protecting your health information.
The law "offers robust safeguards for electronic health information, limits how your identifiable health information can be used or disclosed without your permission, and provides patients and health plan members with a number of privacy rights, such as the right to access and amend their medical information," says Adam H. Greene, JD, MPH, partner at Davis Wright Tremaine LLP.
Here's what you need to know about the entities held accountable under HIPAA, how the law protects your information, and what to do when your rights have been violated.
How does HIPAA affect my medical information?
To understand how HIPAA affects your medical information, it's helpful to know who must comply to HIPAA privacy standards as required by law. Individuals or organizations with access to your medical information are called "covered entities," and they include:
Healthcare providers, such as doctors, dentists, psychologists, clinics, and nursing homes
Health plans, like as health insurance companies, Medicare, Medicaid, and veteran healthcare programs
Healthcare clearinghouses, which are public or private entities that facilitate the processing of health information, such as billing services, community health information systems, or repricing companies
Business associates, or those outside a covered entity's workforce who engage with them to provide services, such as consultants, third-party administrators, or independent medical transcriptionists.
What information is protected by HIPAA?
Health information collected and used by covered entities to provide health care is protected under HIPAA. These include:
Personal information, like your social security numbers, Internet Protocol (IP) address, finger or voice prints, emergency contact information, and other characteristics that could uniquely identify you
Medical records, such as diagnoses, clinical laboratory test results, prescription, or treatment information
Medical images like X-rays and other photographs that can be linked to a patient
Clinical case notes
Billing and payment records, as well as insurance information
To protect your medical information, you should carefully read privacy policies and authorizations for the release of medical information before signing them, says Greene. Ask your healthcare provider if you have any questions regarding any of your HIPAA forms to avoid accidentally disclosing health information to a third party who is not a covered entity.
Why is HIPAA important?
The law protects your privacy and the sensitive information about your health by limiting how it can be used or disclosed without your consent or knowledge.
HIPAA also gives you control over your medical records, which means the law allows you to access your medical information from healthcare providers. No healthcare provider under the HIPAA law can withold documents from you should you request them.
Let's take an extreme example: Say you have been in a situation where medical malpractice was involved and you want to obtain your medical records from that procedure. That doctor and/or hospital cannot legally withhold those documents from you upon your request.
"While physicians have always had confidentiality obligations and many states had medical privacy laws before HIPAA, the HIPAA regulations created the first national, comprehensive framework for privacy and security of health information in the U.S.," says Greene.
It's important to note that in some cases personal representatives - such as parents or guardians of a minor - have the authority to act for an individual and exercise their rights.
Covered entities can use and disclose your protected health information without your authorization for certain situations, such as:
Providing treatment and other health care operations
Obtaining payment for health care services
For public interest, like judicial and administrative proceedings, essential government functions, and whenever required by law
"Each permission has a set of criteria to help protect privacy," says Greene, adding that during an emergency, like if you are hospitalized, institutionalized, or disabled, "a covered entity may disclose relevant portions of your medical information to someone involved in your care, exercising professional judgment to determine what is in your best interest."
Your medical information is still protected by HIPAA 50 years after your death to ensure that your rights will not be violated. During this period, family members, and whoever has the authority to act on behalf of your estate, will have the right to access your medical information or authorize its disclosure to others.
What happens if someone violates HIPAA?
If you suspect that your rights have been violated, you can file a complaint to the OCR or your healthcare provider's privacy officer so they may launch an investigation. However, this means that you can't take legal action or bring lawsuits against a HIPAA violation, says Greene.
Common HIPAA violations
According to Greene, it is a HIPAA violation when a covered entity does any of the following:
Disclose someone's medical information without a valid reason, such as to gossip
Refuse to provide a patient or health plan member with access to certain medical information
Fail to properly safeguard medical information, such as leaving a patient's medical records behind on a train or losing a USB drive with medical records
For more examples of HIPAA violations, visit the U.S. Department of Health & Human Services (HHS)'s list of case examples. To see institutions that had large breaches of medical information affecting 500 or more individuals, you can check the OCR's list of cases that are currently under investigation.
HIPAA gives you the right to control how your health information is used and disclosed. Protected health information includes your personal details, medical records, and payment information.
Healthcare providers, insurance companies, clearinghouses, and their business associates are held accountable under the HIPAA and must abide by its rules.
If you feel that your rights have been violated, you must file a complaint to the Office for Civil Rights or to the healthcare provider's privacy officer to start an investigation.
Related stories from Health Reference:
Read the original article on Insider