Wipfli LLP - CPAs and Consultants
Affiliates Contact Us Careers Events About Wipfli
 
subscribe
Rate Content

 
View all Regulatory Compliance articles
Understanding Your Rights Under the New Health Care Privacy Rules
May 01, 2004

If you’ve been to the doctor or hospital recently, you’ve probably been given information about new privacy rules and you may have been asked to sign consent forms. You probably have received similar forms from your health insurance company. In April, the first-ever national privacy standards to protect your medical records and health information took effect. The new standards give you greater control over the confidentiality of your medical information.

In 1996, Congress passed the Health Insurance Portability and Accounting Act (HIPAA). This law contains a host of safeguards to protect the confidentiality and security of your personal medical information. Congress directed the federal government to write rules so health care providers could comply with the new law. It took the government six years to develop rules, which became effective in April.

Everyone in health care is impacted. Physicians, dentists, pharmacists, physical therapists, home health care workers, emergency medical technicians, mental health professionals, hospitals, clinics, nursing homes, insurance companies, Medicare, and Medicaid – all must comply with the new privacy rules. If they don’t, HIPAA authorizes the government to fine them or prosecute them in criminal court.

What’s protected

The new rules protect “individually identifiable health information.” In other words, they cover almost everything about your past, present and future physical and mental health. They also cover the treatment you receive and how it is paid for. The scope of the rules is very broad and, because they are new, there are sure to be problems. It’s important that you are proactive and make sure your personal medical information is kept confidential and secure.

New rights and protections

Here’s a rundown of your new rights and responsibilities:

--Access. You have the right to read and copy your medical records. If you spot errors, you can request that your health care provider correct them. Generally, health care providers must make your records available within 30 days of your request. You may have to pay for photocopying.

--Notice. Health care providers must advise you of your new rights and protections. Doctors, dentists, hospitals, and other direct-care providers will give notice in-house. Health plans generally will send a written notice by mail.

--Confidentiality. The new rules give you more control over the confidentiality of your medical information. You can request that your physician and other health care providers, including health plans, take reasonable steps to ensure the confidentiality of their communications with you. For example, you may ask your physician only to telephone you at home. If you are hospitalized, you can request that the hospital not disclose to anyone, including family members, that you are receiving medical treatment.

--Use of personnel information. Health care professionals and providers can share your medical information for purposes of treatment. They cannot share your information for non-medical purposes unless you agree. You must specifically authorize your health care provider to share your information with, for example, banks, life insurance companies and others. The new rules also contain tough prohibitions against disclosing patient information for product marketing.

-- Exceptions. There are some important exceptions. Most importantly, health care providers can disclose your personal medical information without consent in emergency situations, such as accidents and natural disasters. Health care providers also can release confidential information when national defense or security is threatened and in limited circumstances to law enforcement personnel investigating crimes. The new law also makes exceptions for court proceedings and public health needs. Sometimes, state laws require disclosure of certain illnesses, such as West Nile Virus and hepatitis. Industrial accidents and workplace injuries also are usually required by law to be disclosed. These take precedence over the new rules.

Enforcement

The new safeguards are enforced by the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS). OCR will investigate complaints from patients. Health providers that run afoul of the new rules risk stiff monetary fines. HHS also warned that it will refer egregious violations to the U.S. Department of Justice for criminal prosecution.