In 1996, the Health Insurance Portability and Accountability Act became law. The world of health care has not been quite the same since.
Some may argue that most of the resulting change has been for the better. Many others, including some patients, might argue that HIPAA is more trouble than it’s worth. Every time you see a doctor it seems you face having to fill out all the same forms over again.
And then, there are those who wonder if perhaps HIPAA isn’t being misused by medical centers for their own protection. The typical claim is that facilities, looking to protect themselves from possible hospital negligence claims, cite HIPAA to block the release of damaging information.
HIPAA, like any law, is subject to interpretation and misinterpretation. In some instances, it’s even led to providers denying patients access to their own medical records. For the sake of clarity, here is some basic background about HIPAA as provided by the government. It does not constitute legal advice, however.
To begin with, it’s important to know that there are two aspects of the law. The first protects the privacy of individual consumers’ identifiable health information. The intent of this Privacy Rule is to make sure patient information is protected against disclosure without the written approval of the patient or the patient’s personal representative.
There are only two exceptions. The first is if the patient or their representative requests the information or if the federal government seeks it to investigate complaints and assure compliance.
Protected information includes the patient’s name, address, date of birth and Social Security Number. But it also protects information related to their physical and mental condition, details of care and how care is paid for.
The second aspect is the Security Rule. This one establishes parameters for insurers, care providers and clinics to follow to specifically protect electronic health records. The main objective is to keep health information secure while making it possible for insurers and care givers to employ EHR systems appropriate to their needs.
The patient information protected is any that is created, transmitted, received or maintained in electronic format and the onus is on the so-called “covered entities” to keep their security technology up to snuff.
In the end, HIPAA is there to protect individuals. If it is suspected of being used to dodge accountability in the event of medical error, an attorney should be consulted.