Right to Medical Privacy: HIPAA
The Health Insurance Portability and Accountability Act, commonly known as HIPAA, was passed by the United States Congress in 1996.
To comply with the law’s mandate, the Department of Health and Human Services (HHS) developed two rules: the HIPAA Privacy Rule and the HIPAA Security Rule. Next, we will see what protections HIPAA contains and how they are put into practice.
What does HIPAA protect?
The Standards for the Privacy of Individually Identifiable Medical Information, or the Privacy Rule, establish national standards for protecting certain personal health-related information.
The Security Standards for the Protection of Protected Electronic Health Information, or the Security Rule, establish a series of national security standards to protect certain information stored or transferred electronically.
These rules are designed to protect sensitive personal information about patients’ health records. On the one hand, the Privacy Rule determines how, when and to whom this information can be disclosed. On the other hand, the Security Rule determines which protections organizations have to implement to protect that information.
How is HIPAA privacy protection implemented?
The Security Rule makes it possible to put the protections of the Privacy Rule into operation because it addresses the technical and non-technical protections that organizations have to put in place to protect the health information of individuals.
This rule clarifies that covered organizations (such as doctors and health insurance companies) must make reasonable efforts to ensure that protected patient information is kept confidential through regular electronic communications.
For example, a patient might require that all telephone calls and written correspondence be directed only to his home and not to his place of work. In addition, the patient can request that all the information be sent via email.
Each organization responsible for handling medical information must ensure that it has policies and procedures to protect the privacy of individuals in accordance with HIPAA. Each entity must also have a designated person responsible for putting these policies and procedures into practice appropriately.
What are the exceptions to HIPAA protection?
If the information in medical records is something that the health care provider or insurance company must disclose by law, then HIPAA protection does not apply.
For example, if a child’s medical record indicates injuries due to child abuse, then the health care provider is required to report that fact to the police in most states.
An individual always has the right to the information contained in his medical record or medical bill payment history, within 30 days of making the request. In addition, the patient’s personal health information may be disclosed if the patient has given authorization to release it.
For example, a doctor may share the information with the person’s employer with prior approval from the patient. However, the doctor has an obligation to disclose only the relevant information required to achieve the purpose of the disclosure.
What to do if your HIPAA privacy rights have been violated?
The law requires that each entity covered by HIPAA have a complaint procedure. This is necessary so that a patient who believes that their rights have been violated can file a lawsuit. A patient can also file a complaint with the Department of Health and Human Services, Office for Civil Rights.
Some critics argue that the rules are too strict and make it difficult for interested parties, such as relatives, to obtain important information.
However, supporters of the law argue that the law provides the protection patients need. Ultimately, HIPAA privacy standards are intended to protect the patient and allow them to control the disclosure of their own medical information. Therefore, whether you support or oppose the law, it is important to understand its provisions and how they may apply to you.