April 2003
Current Issue
Past Issues
About Us
Public Affairs
Baylor Home
A Matter of Health
Patient privacy - It's your right
By Ruth SoRelle, MPH
On April 14, 2003, your right to privacy as a patient – in the hospital, the doctor’s office and almost anywhere else – became federal law under the Health Insurance Portability and Accountability Act.
Not only does HIPAA, as the rule has become known, guarantee your right to keep facts about your health and health care private, it gives you access to information about your health that is kept in the records of physicians, hospitals and clinics.
The new federal rules have forced almost everyone in the health care arena to review their rules and practices. That is good. It means no one is going to blurt out your health care information in an elevator or at a clinic desk – however well meaning the communication is. It means that when someone, such as your employers, asks for information about your health, he or she is turned away. That information is yours and should stay that way.
Nothing about HIPAA is dramatically different from the practices that should have been in force already. For example, HIPAA lets you decide who may see your health information. HIPAA requires that you be given a privacy notice explaining how health care institutions handle your health information for the most common uses – treatment, payment and health care operations. You will be asked to sign a paper acknowledging that you have received this information. In some cases, HIPAA requires that you give written authorization for the use of your health information. For example, if a television station wants to do a story on a new treatment using a patient – you – then you must sign a special authorization allowing use of your personal health information for that purpose. If another office wants to use your picture and some information about your treatment for a fund-raising brochure, then again, you must give special written authorization for that.
One of the things that makes the HIPAA rules different is that they come attached to specific legal and criminal penalties if they are violated. Violations of the rule can cost an institution as much as $25,000 if they occur in the same year. Knowingly misusing health information without permission can result in fines of as much as $250,000 and jail time that can last as long as 10 years.
Discussing your condition in public or with someone who is not involved in your care is a violation as is looking up your name in a patient database to find your birth date. Your health information cannot be supplied to an employer, a lender or anyone who does not have a role in providing care to you or who does not fit into the “treatment, payment and health care operations” arena.
If a person involved in your health care shares his or her password to a computerized database of patient health information, that person has not only violated HIPAA, he or she has also violated Texas privacy laws.
HIPAA was originally passed in 1996. The privacy rules are the first to be passed into regulation, and it has taken much negotiation and fine-tuning to get them to this point. For most health care providers, it will change their practices very little. As with most laws, the privacy portion of this act was passed to protect you from a very few careless or malicious people.
HIPAA should not impede the progress of research or imperil the quality of your health care. As it goes into effect, there will doubtless be those who fall back on the old ways and speak when they should not. It is in their interest and yours that they be reminded of their obligations.
Privacy is your right as a patient. It is their responsibility.
| News | |
 |
Drug reduces decline in more severe Alzheimer's |
|
De-stress for success |
|
Computer surgery maps 'route' to perfect knee replacement |
|
Moderate weight loss has 'profound' effect on health |
| A Matter of Health | |
|
Patient privacy - It's your right |