Your Personal Health Data
HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is the Federal legislation establishing data security and privacy provisions to safeguard medical information. The part of HIPAA governing your rights over your own health information is called the Privacy Rule. According to the U.S. Department of Health and Human Services, this law sets limits and rules governing which people can receive and view your personal health information. This includes information stored or delivered in writing, electronically or orally.
How Your Health Data Can Be Shared
If they’re involved in your direct care, then doctors, nurses and hospital staff can view relevant parts of your health information. So too can family members, friends and others whom you specify. Government agencies researching the prevalence of certain diseases can view the health information pertinent to developing their report; so too can private researchers, although that information is only shared anonymously. Government agencies can also view your health data if it directly pertains to Social Security claims, workers’ compensation claims and disability insurance claims. Police can view the health data of people involved in a criminal act, whether the perpetrator or the victim.
Whenever you see a new health care provider for the first time, such as when registering as a new patient in a hospital or clinic, you are given a written statement informing you of how that provider may use your health data. It is against the law for the provider to share your health data in any way other than or inconsistent with the ways described in that notice. You’ll also receive this type of statement any time you sign up for new health insurance. If you don’t have a copy of this notice to refer to, you can always ask the provider for another copy.
How Your Health Data Cannot Be Shared
The most important thing to remember about the privacy of your health data is that you are 100% in control of what does and does not get shared. You have the right to request that your health care providers not share certain parts or all of your medical information with particular people or organizations. You can request that your particular health care providers not share your health data with any other health care providers at the given facility unless directly involved in your care.
In fact, you have the right to ask for any restrictions you want over the sharing of your health data; the health care provider does, however, have the right to refuse, especially if the restriction would interfere with your direct care. You can even request that your health care provider refrain from informing your insurance company of treatments you’re receiving or medications you’re taking, provided that those items are paid for in full on time. Additionally, you can request that information mailed to you be placed in a sealed envelope, rather than being mailed as an open postcard, for example. You can also request that your health care provider contact you at a certain number other than your primary contact number, such as at work instead of home.
Employers are prohibited from viewing the health records of employees or prospective employees, as it could lead to discrimination in the workplace. The only exceptions to this are when the employer needs to view health data pertinent to a request for sick leave, the administration of health insurance, participation in a work-based wellness program or a workers’ compensation claim.
Insurers, meanwhile, may be able to access health records related to a claim being processed. However, your insurer cannot provide another insurer access to those records simply for the purpose of deciding whether or not to offer you insurance. This would qualify as an unauthorized disclosure of your personal health information to a third party.
Your health data is also protected from being shared with advertisers for the purpose of marketing their products and services to you. The one exception to this rule is if you participate in low-cost or free health screenings conducted at a public facility, like a mall, county fair or pharmacy.
The Security of Electronic Health Data
In today’s age of the Internet, when even personal health information is stored digitally, it’s natural for people to wonder how safe their health data really is from the prying eyes of hackers and other unauthorized persons. Electronic medical records (EMR) are protected using cutting-edge security technology. While this technology is admittedly not perfect, it’s certainly more secure than a paper record, like an open chart, which could be left on a desk for any curious passerby to glance at.
Unless a disclosure is explicitly permitted by HIPAA, your personal health data can be shared only with your authorization. If you believe that these rights to privacy have been violated, you have the right to file a complaint with HHS against your health insurer or health care provider.