The Health Insurance Portability and Accountability Act (HIPAA) of 1966 is well-known amongst healthcare professionals. It lays out strict guidelines on the sharing of protected health information (PHI), stipulating when it can be disclosed and what the consequences are if it is accessed by unauthorized personnel. Due to its importance, anyone who works in the healthcare industry, from doctors to insurance clerks, must have some HIPAA-related training to prevent any confidentiality breaches.
Do patients have any rights under HIPAA?
As well as protecting a patient’s information, HIPAA also ensures that patients themselves have access to their own medical records. However, only three in ten patients are aware of these rights, or believe that they cannot access the medical records themselves.
Even amongst those remaining seven-in-ten who were aware that they could access medical records, only three had actually accessed the files. It is likely that the remainder did not know how to access records, or were afraid of being burdened by lengthy request forms. In fact, accessing health information can be as simple as putting your request into writing and paying any associated costs (though the OCR encourages healthcare professionals to provide the documents for free, some will still charge for the costs of copying and postage). Additionally, patients cannot be denied access to their own medical records if they have outstanding healthcare bills: the right to access takes precedence.
However, around 80% of those who chose to see their medical records found it was a beneficial exercise. Access to medical records gives patients much more agency over their healthcare, as it means that they can have a full history of previous treatments and thus have a voice in what will happen next. Patients who have accessed their medical records can also send the records to any other individual, healthcare professional or otherwise, of their choosing.
Other rights conferred to patients by HIPAA include the right to request an amendment to any healthcare records believed to be incorrect. The amendment is subject to agreement with a healthcare professional, but if an agreement cannot be reached the patient still has the right to have the disagreement recorded on file.
Under HIPAA, healthcare data should only be accessed by relevant healthcare professionals or other authorized individuals. However, there are some special scenarios where health data may be used for research not directly related to your care (for example, for epidemiological studies). This is why healthcare professionals must receive special HIPAA training. You may request to see who has accessed the documents and find out how your information has been used. It is important to note that, if your data is used for such scenarios, your data will still be protected and not made public.