A few years ago, the HIPAA Privacy Rule went into effect to address people’s growing concern about personal medical records becoming public information. But what you may not realize is that even with the laws currently in existence, your “private medical business” can be legally accessed by hundreds of strangers.
The HIPAA Privacy Rule deals with how medical information is accessed and handled. Under the law, you are given certain rights and “covered entities” (healthcare providers, health plans and other health services) are mandated to follow a certain set of rules. For example, HIPAA gives you the right to find out who has accessed your medical records over the past 6 years. Under HIPAA, you have the right to choose which family members or friends you want your providers to talk to. You also get to decide whether or not to have your name listed in a hospital directory.
The law states that those providers and entities subject to HIPAA have to give you notice about how your medical information is going to be used and disclosed. According to many people, however, the Privacy Rule falls short. People want to keep their private information private. Period. When someone sees a doctor, they want what they are saying and what is going on kept confidential. The problem is that there is a balancing act going on, and the government, the medical profession and related businesses have some compelling reasons for wanting that information revealed to them. For example, public health authorities need to know what’s going on, health insurance companies won’t pay unless they know what you’re being tested or treated for, and healthcare providers need to share information with their staff and billing services.
There are also other situations where your information can be revealed without your permission. Many people don’t realize that information from their medical file can be disclosed to a collection agency if their medical bills go unpaid, or that their private health information can be used for marketing purposes. What that means is that your information can be disclosed to pharmaceutical companies or businesses looking to recall, repair or replace a medical product or drug. And don’t forget, if your employer is self-insured, the people at your company who process your health claims are privy to your medical information. When you take all these things into account, it’s easy to see how literally hundreds of people can end up seeing your private information!
What may be an even bigger problem, though, is the information that is obtained and shared by individuals and organizations not subject to HIPAA. If you’ve ever applied as an individual for health, life or disability insurance, or had medical benefits paid under an automobile insurance policy, worker’s comp or disability policy, you’ve undergone standard tests and medical exams. You have also probably given authorization to have your healthcare providers contacted and medical records released. That information can be reported to the Medical Information Bureau (MIB), which is a central database of information shared by insurance companies. If you have medical conditions considered significant, an insurance company will report that information to MIB. Typically, an MIB record reveals specific medical conditions and lifestyle choices – like if someone has blood pressure, asthma, or depression and whether they are a smoker, like to scuba dive, etc. Not everyone is on file with MIB, but if you are, you want to be sure the information is accurate! You can get a free copy once a year by calling 1-866-692-6901 or going to this site.
So, what are some of the things you can do to try to protect your privacy? One of the easiest is to limit the amount of information released whenever you are asked to sign a waiver for the release of medical information or records. Instead of signing the “blanket waiver” they give you, cross it out and write it in more specific terms. Always ask your healthcare providers to be careful when sending portions of your medical records to your insurance company. They should send only the minimum required.
You also should discuss your confidentiality concerns with your doctor. If you want something to be kept confidential, bring a written request to your doctor that specifically revokes your consent to release information to anyone else. Of course, you’ll have to personally pay for that visit. If you really want to make sure a condition is kept confidential, see someone other than your regular doctor.
Also, be careful who you allow to access your information. Think twice about filling out marketing-related questionnaires that ask for family health information or history. And before you consider participating in a health screening in a public place, find out what they are going to do with the medical information collected. You don’t want it shared! Most importantly – know your rights under the HIPAA Privacy Rule and be informed about what legally can and can’t be done with your medical information. To learn more, go to the Privacy Rights website and the HHS website.