When you visit a doctor, you may wonder how your personal information will be used. Can your employer find out you're being treated for depression? Will your health insurer be told that diabetes runs in your family?
In this age of electronic record-keeping, it's natural to be concerned about privacy. But certain laws have been put in place to protect you. The most important of these is Title II of the federal Health Insurance Portability and Accountability Act (HIPAA).
HIPAA, also called the Privacy Rule, is a law that strictly governs how your health information is stored and handled. When it was first passed in 1996, there were almost no patient privacy laws in place. Today, thanks to Title II, there are tight controls on medical record-keeping. HIPAA sets rules on who can view your records and what steps they must take to protect them. As a result, your medical information is generally kept under constant lock and key.
How does HIPAA work?
The purpose of the law is to protect your privacy. As such, it requires health care professionals to keep your records confidential. Caregivers and insurers cannot disclose your personal information except on a need-to-know basis. In fact, there must be a valid reason for even health care professionals to view your medical history. For example, it might be necessary to:
- Provide treatment or continuity of care
- Bill an insurance company
- Communicate with relatives (unless you say otherwise)
- Track and record public health concerns, such as a flu outbreak
- Report incidents to law enforcement, such as a gunshot wound or child abuse
Under most other circumstances, though, sharing patient information is prohibited. By law, no health care professional can:
- Disclose your health history to an employer
- Share your information with a creditor or lender
- Sell your information to marketers or advertisers
- Allow others to view your records without your consent
The law protects your privacy in other ways, too. Be assured that active security measures are required when handling your health records. For instance, clinics that use electronic record-keeping must also use encryption software. And all patient files are required to be locked up when they are not in use. Finally, employees who work with medical records must be trained in the proper handling and storage methods.
What information is protected?
Virtually all aspects of your health history are protected by law. This includes:
- Anything entered into your medical records
- Any conversation with a professional caregiver
- Any records kept by your health insurer
- Any billing records kept at your clinic
- Personal identifiers, such as your name or address
Further, caregivers and insurers must first get your written consent before they can share your information.
Are there any loopholes?
The biggest criticism of the Privacy Rule is that it applies only to certain professionals. These are caregivers, insurance employees and medical administrators. You are not protected to the same degree if you decide to share your health history with:
- Law enforcement officials
- School teachers or administrators
- Municipal employees
- A life insurance representative
- A bank official
- A creditor
- An employer
- Anyone else
In these cases, the Privacy Rule does not apply. For that reason, you should be very careful when you share medical information. As a general rule, you may want to keep conversations about your health limited to the doctor's office. After all, your caregivers are the people most committed to protecting your privacy.