What privacy rights does each person have over their own personal health information? This is a common question with a not-so-simple answer. Any health-related information that could identify an individual, or for which there is a reasonable basis to believe it could be used to identify an individual, is considered private health information. Things to know about health information include: who has to follow HIPAA rules, how the information is used or shared, whether it can be controlled, and who has access to it.
Even with all the steps and rules HIPAA puts in place, breaches of identifiable health information still occur. All businesses and covered entities under HIPAA are required to provide a notification in the event of a breach of unsecured protected health information (PHI). Organizations that will be sending notifications include doctors/nurses, pharmacies, hospitals, and other healthcare providers, as well as health insurance companies and government programs like Medicare and Medicaid. These businesses and organizations must inform each person of all rights upon initial sign-up and whenever medical information has been breached.
Individual health information ultimately needs to be shared in order to provide optimal care. It can be shared for the following reasons: to coordinate an individual’s treatment, for doctor visits, to provide information to family involved in the individual’s health care (unless the individual objects), to protect the public’s health, and even for police reports, for instance when reporting a gunshot wound. Sharing covers written, oral, and electronic means. There are, however, organizations that do not have to follow the Privacy and Security Rules. They include life insurers, workers’ compensation carriers, most schools, child protective service agencies, law enforcement agencies, and many municipal offices.
In general, most individuals will sign an agreement about the privacy of their health information at the initial office visit. The document an individual signs, however, may still allow that health information to be used for sales calls and advertising, and it may even be given to an employer. Health care providers should familiarize themselves with all the rules that apply to individuals’ health information privacy because of the risk associated with not having a strong understanding. A New York-based hospital spent $4.8 million in a HIPAA settlement for a data breach of only 6,800 patient health records. Given the potential risk, business owners should take proper steps to secure all data.
Altogether, whether you are a business owner or an individual, knowing the health information privacy rights and rules is critical. An abundance of information is available to help with proper compliance, so take the time to review everything. Companies today even hire experts in health compliance because of the potentially large impact one small mistake can have.