What PA members should know about HIPAA
by Sue Bice
Since HIPAA was enacted on April 13, 2003, many people have asked me questions about it. HIPAA is a complex legislative act with four primary aspects, but I’d like to take this opportunity to simplify things a bit and to review what general PA members should know about HIPAA.
HIPAA is the Health Insurance Portability and Accountability Act that established for the first time national standards protecting the privacy of health information. The enactment of HIPAA has given consumers several rights:
- the right to access their own health information (including their own medical records)
- the right to make amendments to its content
- the right to an accounting of the disclosures made concerning their health information.
Before HIPAA, New York had already granted citizens 18 and over access to their own medical records in 1987. As part of this law (PHL Section 18), individuals were also given the right to inspect their own records and to receive copies. So the greatest impact of HIPAA on New York residents is the accounting of disclosures; this means that you can see a list of all people that your doctor has released your records to.
If you haven’t done so already, you should periodically ask to review your medical records. You have the right to inspect or request copies of your records. At an individual doctor’s office, ask the administrative assistant for copies; at a hospital or clinic, ask for copies at the Health Information Department or Office (aka Medical Records).
Knowing this can help PA members in several ways. For example, a while ago, I attempted to get life insurance but was turned down. I asked the insurance company why, and it turns out that one physician had documented that I was a smoker on two separate occasions. I am not a smoker and never have been! So I contacted the physician asking that he make an amendment to his documentation. He didn’t, so I took matters into my own hands and requested access to my medical records. I placed an amendment in the medical record–as close as possible to the incorrect information–and subsequently received my life insurance policy.
Here’s another thing you should be aware of. Notices of Privacy Practices are routinely provided to people entering hospitals, along with the Patient’s Bill of Rights. A person signs both to acknowledge their receipt. However, most people never read either document or, if they do, it’s after they have gone home. Pharmacies also must provide their customers with the Notice of Privacy Practice and must obtain the customer’s signature indicating receipt. Most are pretty careful about following this policy. For example, shortly after HIPAA was enacted, I was asked to sign for my dog’s prescription medication! I had to sign my dog’s name, then mine, followed by the word “owner” in parenthesis to receive her medicine. Needless to say, I had a good chuckle.
Other consequences of HIPAA are more serious. Ever wonder why you receive certain mailings targeting the medications you are taking or a condition you might have? Ever wonder why the department of health has contacted you, asking you to participate in a specific diagnostic study? The answer is that state law requires all new cases to be reported. While health care providers cannot sell lists of patients/enrollees to third parties without authorization, they may disclose some public health information without authorization, such as vital statistics, child abuse/ neglect, and newly diagnosed cases of cancer, Alzheimer’s, HIV, etc.
Therefore, you should know that when being asked to sign an authorization form to release your health information, you have the right to restrict what you disclose. I always cross off the phrase that says “all and any health information” and write in “minimum necessary.” If you have questions relating to HIPAA, don’t hesitate to contact me in Health Services.