The University of Kentucky Public Relations & Strategic Communications Office provides a weekly health column available for use and reprint by news media. This week's column is by Richard Chapman, chief privacy officer at UK HealthCare.
LEXINGTON, Ky. (Oct. 26, 2020) — Visiting a doctor's office or a hospital generally means being handed a host of paperwork, including a privacy notice, and being asked to sign a form. But like many people anxious to see their physician, you likely took the papers and signed without fully reading them.
These forms are part of the Health Insurance Portability and Accountability Act (HIPAA) enacted by Congress in 1996. In general, the HIPAA Privacy Rule provides federal protections for your personal health information and gives patients rights with respect to that information. It also provides guidelines for the sharing of health information needed for patient care between physicians, nurses and those involved with your care. Additionally, HIPAA guarantees each patient the right to access their record at the healthcare facility where their information is kept.
The notice you sign at registration describes the ways the health care entity can use and disclose your protected health information. The primary uses permitted under HIPAA are uses for treatment, payment and operations. This ensures that healthcare providers can use the needed information to provide patients care and to bill insurance companies for those services.
Information protected under HIPAA includes information that is created or collected by your provider while delivering care. It also includes information about you in your health insurer’s computer system, billing information, and most other health-related information about you held by entities required by law to follow these rules.
These entities covered under HIPAA generally include your health plan, clearing houses and your health care provider such as doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies and dentists.
So what does it mean? Covered entities must reasonably limit how they use and release your information to accomplish their intended purpose. They must have formal agreements in place with their contractors and others ensuring that they use and disclose your health information appropriately and safeguard it.
In addition, they must have procedures that limit who can view and access your health information, and they must implement training programs for employees about how to protect your health information. In the increasingly interconnected world in which we live, these protections facilitate access to patient information for treatment purposes while still setting privacy and security standards for all healthcare providers to follow.
HIPAA also gives you rights related to your information, such as the right to ask to see and get a copy of your health records, request corrections added to your health information, and receive a notice that tells you how your health information could be used and shared with others. Health care entities are required by law to provide access to your records within a 30-day period from request. A new federal law called the 21st Century CURES Act reinforces these rights under HIPAA and pushes healthcare providers to accelerate ways to provide more direct access to your information.
For more information about HIPAA and health information privacy, go to http://www.hhs.gov/ocr/privacy/.