People in the health industry know how important confidentiality is to the patients when it comes to their medical records. Whatever transpired on a consultation between a doctor and a patient is a confidential matter. The Health Insurance Portability and Accountability Act (HIPAA) sets the rules relating to patient’s right to privacy. This law sets limits of who can share patient health information and what information is shared. It must be noted there are important information where the doctor needs to relay to another health practitioner to help treat a patient. Health care providers also need some information to know the extent of your medical coverage. The HIPAA identifies who are subjected to the privacy rules, what information are protected and what are the rights of the patients.
There are selected entities that are covered by the rules. It includes health insurance companies, health care providers like doctors, hospitals, pharmacies, dentist and clinics and health care clearinghouses that process health information. It must be noted that other entities are not bound to follow the law. This includes employers, schools and law enforcement agencies. Therefore, whatever health information a person shares to these entities, it is not covered by HIPAA.
The important aspect of this Act is the protection of a person’s health information. In the Summary of the Privacy Rule taken from the US Department of Health and Human Services website, protected health information includes “(1) the past, present and future medical condition of a person (2) medical treatment and care that were administered and provided (3) the past, present, future payments for the provision of health care”. The law requires the covered entities to ensure safeguards to the person’s information by limiting the disclosures to the minimum required to meet whatever the purpose is for acquiring the information. A person can ask for a copy of his own medical records and request changes if needed. A person can also know who requested access to his medical records, when it was access and for what purpose. If the medical information is used for marketing purposes, the law requires the permission of the patient before disclosing it to business associates.
It is clear that this law does not give the individual sole ownership to his medical records. It only sets rules and limits to those who can look into the medical records. Confidentiality should not be a barrier to receiving the quality health care that is needed for the person’s medical condition. Such information is needed to be shared to concerned doctors and health providers to help them find the correct treatment for the patient concerned. At the very least, this law explains to patients how their medical information is protected and used.
In addition to the privacy rules, the HIPAA sets standards to ensure the integrity and security of health databases. Thus, the covered entities are required to submit security plans for their information systems. Should a person find privacy and security violations in his medical records, a complaint could be file in the Office of Civil Rights.