Privacy has always been the right of the patient in any medical setting. No unauthorized person or entity has ever had the right to access medical records. However, it was not as stringently enforced until the Heath Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. This gave patients much more legal ground to stand on if they felt their medical information was compromised, shared, or used in any other way except for their best interests in their plan of care.
Many medical providers and entities are legally bound by HIPAA rules, including:
- doctors and nurses
- nursing homes
- physical, occupational and speech therapists
- medical social workers
- health insurance companies
- company health plans
- Medicare and Medicaid
Clearly, if a medical professional discusses your situation with friends, family, or anyone who is not directly involved in your care, this is a breach of medical confidentiality. However, there are many other situations that can play out that may compromise the security of your medical information.
Consider the following scenarios, and decide which ones are an illegal violation of your medical privacy:
A: Your doctor greets you in a restaurant near other diners, asking you if you are feeling better. She goes on to say that your tests came back normal.
B: Two nurses are talking at the desk in front of patient visitors. One says to the other, “That lady in room 122 lives close to you on Spruce Street—do you know her?”
C: A physical therapist recalls a patient from a previous hospital stay several years ago. He is not currently treating the patient, but looks up her information online to see why she is in the hospital this time.
D: A secretary leaves a patient file open on the counter where other outpatients can see it.
E: All the above.
The correct answer is E: all the above are HIPAA violations.
HIPPA is the Health Insurance Portability and Accountability Act which was enacted in 1996. While it is a complex code of rules that govern the transmission of private health information between providers and insurance companies, most of us are most familiar with the aspect of the Act that governs our rights to privacy. Other objectives of the Act were designed to combat waste and redundancy, as well as to fight fraud and abuse in the health care system.
You may tire of signing forms that indicate your understanding of these privacy policies, but they are in place to protect your private information and your security.
Most medical personnel are dedicated to preserving your privacy at all costs. Most do not intentionally disclose your information for their personal gain, although there are some cases whereby medical information such as your Medicare number may be sold for illegal monetary gain. This unfortunate circumstance is not the focus of this article, but as a rule, NEVER GIVE OUT YOUR MEDICARE OR INSURANCE INFORMATION TO A PERSON OR ENTITY YOU ARE NOT FAMILIAR WITH. If you ever feel that a situation isn’t on the up and up, it may not be. Trust your gut, and withhold this information. Check out the source who is requesting it. You have nothing to lose but your personal medical security.
If you feel that the security of your private information has been compromised, you have the right to proceed with action against the party in question.
The Department of Health and Human Services maintains their website with a section dedicated to health information privacy. www.HHS.gov extensively covers the procedures for filing a complaint online, but also offers directions for filing a complaint in writing.
Anyone who files a complaint is legally protected from retaliation from the provider in question.
Most larger hospitals have a privacy officer. Smaller offices and practices may not have such a department, but they will have a contact person who can provide you with information regarding the actions you need to take if you are interested in filing a complaint.
Privacy regarding your medical matters and records is an important aspect of health care. You have the right to the degree of privacy you desire, and if you feel you are not getting it, check out the website maintained by Health and Human Services noted above, or talk to the privacy officer of the practice, if there is one. You are free to bring up your concerns to any staff member if there is not an officer.
You are the patient, you are the customer. You have the right to privacy, so don’t hesitate to make sure you get it.