Overview of HIPAA
Introduction
If you’ve been to the doctor’s office, a hospital or even a dentist office in the last decade you’re most likely familiar with the form you’re required to sign regarding your private health information and your rights. This is called the “Notice of Privacy Practices”. Have you ever read the form though? The wording can be intimidating, daunting or even boring depending on the length of the form but the information provided is crucial for all patients. We hope to shed some light on your rights under HIPAA and broaden your understanding.
HIPAA History
HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act (HIPAA) of 1996 which was created initially to protect personal health information at a federal level. Congress enacted the HIPAA statute to provide uniform coverage of personal health information which later became an administrative rule that was passed by HHS in 2003 called the “HIPAA Privacy Rule” providing protection to “all types of health information equally” according to AHIMA. There were still limitations to the protection the “Rule” provided though as it primarily covered healthcare providers who performed electronic billing or transactions. In 2005, the HIPAA Security Rule was enacted to provide coverage for electronic health information. (Rinehart-Thompson, 2013, pp.43-69)
In order to keep this simplified, we won’t go any deeper into the history of HIPAA but if you’re looking for more information on additional acts or statutes that affect HIPAA such as the American Recovery and Reinvestment Act or the HITECH provisions, we have a more in depth course on HIPAA on our site: http://www.himrelevantacademy.com or check out the link below for free materials from HHS.
Click here for additional information and free materials: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html
How Does HIPAA Affect Me?
Now that we know what HIPAA stands for and why it was enacted, let’s get to the basics and unravel how HIPAA affects you and I without getting overly complicated. We know that we all have a right to privacy but what exactly does HIPAA cover? Remember, HIPAA does not cover or include every aspect of your life but is focused on your personal health information. There’s been plenty of misconceptions regarding what HIPAA covers in the last couple of years that we’d like to further clarify to eliminate confusion. The purpose of this post is to provide a broad overview of your HIPAA rights.
HIPAA Rights Simplified
Our individual HIPAA rights can be summarized into a the following statements for ease of understanding. Keep in mind, this is a simplified list rather than a full detailed explanation. Check the links above for more in depth information and free downloadable resources from HHS.gov.
Individual Rights Under HIPAA
- Right to Restrict Use and Disclose
- Right to Confidential Communication
- Right of Access to One’s Own Health Information
- Right to Amend Information
- Right to Accounting of Disclosures
Right to Restriction of Use and Disclosure: referred to as a patient’s right to “restrict providers from allowing certain access to a patient’s record for payment, healthcare purposes and treatment reasons”. (Rinehart-Thompson, 2013, pp.43-69)
Right to Confidential Communication: allows the patient to “request any billing or communication containing PHI (private health information) to be routed or delivered at the patient’s request to an alternative address”, for example. (Rinehart-Thompson, 2013, pp.43-69)
Right to Access One’s Own Health Information: individuals may request to both inspect and obtain a copy of the patient’s own health record. This right does not have an expiration date and the patient can request access from any healthcare provider where they were a patient. Most providers have their own requirements in order to gain access such as a written request, photo identification and within 30 days of the request, access must be provided. There are “exceptions when a provider can delay access by an additional 30 days”(Rinehart-Thompson, 2013, pp.43-69), however theses instances are rare especially with electronic medical records providing quick access.
Right to Amend Information: an individual can request to amend information within the patient’s own medical record. Providers may require a written request for the amendment and a reason the patient is requesting in order to facilitate. “Providers can also deny the request however must provide a reason in writing within 60 days of the initial request from the patient”. (Rinehart-Thompson, 2013, pp.43-69)
Right to Accounting of Disclosures: provides the patient the right to request an account of every disclosure of the patient’s health information excluding those disclosures completed for payment, treatment and to the individual’s own record. Providers are required to keep a detailed record of PHI disclosures in order to track disclosures. The implementation of electronic medical records has made this process easier for Health Information Management departments. (Rinehart-Thompson, 2013, pp.43-69)
Summary
HIPAA can be very complex when patients are unaware of their individual rights to access their own health information. HIPAA is also complex for healthcare providers as they are required to abide by the HIPAA rules. Handling each request for information as a “case by case”request can ensure HIM departments are responding to patient requests in a timely manner while adhering to all HIPAA regulations. It is just as important that individuals know their own HIPAA rights as well. A greater understanding of our individual rights under HIPAA can also help our loved ones learn about HIPAA through conversations with our families. Each of the rights discussed above are not “all inclusive”. If you’d like more detailed information regarding HIPAA Privacy and patient rights, I have provided a link below to the HHS website as well as a button above with a printable pdf for your reference. (Rinehart-Thompson, 2013, pp.43-69)
If you’d like to receive a free quick reference resource, you can request your reference below. You’ll find this reference tool to be a great quick way to review some of the more common HIPAA situations and can be used to help family members learn more about their individual rights.
References:
- HHS. (n.d). Summary of the HIPAA Privacy Rule. https://www.hhs.gov/sites/default/files/privacysummary.pdf
- Rinehart-Thompson, Laurie A. (2013). Introduction to Health Information Privacy and Security. American Health Information Management Association.