HIPAA and You
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) gives you control over your health information.
The original HIPAA was intended to establish standardized procedures to protect the confidentiality of protected health information. More recently, the procedures also apply to electronic storage or transmission of clinical information, network or Internet connections, and e-mail used both inside and outside a medical practice.
Under HIPAA protections, you as a patient have the right to decide who can see your personal protected health information and how it can be used. You are asked to review the HIPAA information often because HIPAA requirements are not static and your doctors want to make sure you understand any changes to the law. It is important to keep you and other patients comfortable about how the practice complies with HIPAA.
HIPAA information protection is a big deal. The Centers for Medicare and Medicaid Services (CMS) became responsible for the oversight of implementation and compliance. Currently, the Office of Civil Rights follows up on any HIPAA violation complaints. They can also levy civil monetary penalties. Congress set the amount of the penalties from $100 per violation up to $25,000 per year. The U.S. Department of Justice handles any criminal violations.
In the beginning, it was difficult for small practices to know exactly what was expected. So, to decrease their risk, providers began to consider their privacy measures and implement reasonable safeguards to protect the confidentiality of their patients’ personal medical information. They evaluated their privacy and security policies and took the opportunity to correct any issues they found. At this point, many practices were keeping records on paper while a few had begun to use computers for some tasks.
HIPAA requires that a practice write policies and procedures to protect personal health information. You remember when your doctor asked you to read and sign the booklet explaining what information they kept and how it would be used. They also should have asked you to name, on an authorization form, the people who could have access to your personal health information. They explained their system to track and account for any personal health information disclosures. You probably had no idea what all this meant, but got the feeling that it was for your good, so you signed.
Each practice has a privacy official or contact person. Finally, they trained their staff in HIPAA compliance. This training is continuous and helps the staff understand how to protect your health information. You can ask to see who the compliance person is and to see the staff training records. Some doctors and health care professionals want you to know they are in compliance with HIPAA and post their HIPAA information where you can easily see it. They do this to continue to build your trust. They work hard establishing your trust and they know that they are accountable for keeping your personal information secure.
When your health care provider follows the HIPAA guidelines, they are assuring you that you can say when, where and to whom your personal health information can be given or discussed. HIPAA is in place to protect you.
