June 24, 2008 11:45 AM

What is HIPAA (Health Insurance Portability Accountability Act)? How does it protect an individual in terms of Doctors and medical conditions that, say, an employer might ask. Does it protect your privacy?
posted by cvoixjames to Law & Government (9 answers total)
This is one of those questions that will probably get a lot of confusing and contradictory answers; I would suggest going straight to the people who enforce it for answers. In general it does protect your privacy, but there are some significant loopholes. The best answer would depend on the specifics of your situation and if you have waived any of your protections.
posted by TedW at 11:51 AM on June 24, 2008

Best answer: Try the info from the Health Privacy Project.
posted by gingerbeer at 12:00 PM on June 24, 2008

It can be extremely confusing but essentially it was passed to allow for the flow of medical information while protecting your privacy. All of the information you come across will talk about your PHI (protected health information) which is any part of your identifiable health information in any media, whether oral, electronic or written.

As for your employer - they have the right to know about any medical condition that might affect the performance of your job but other than that, your records are off limits to them unless you waived your protections. I would agree with TedW. Go to the HHS site he linked to and then talk to an HR dept. if you are concerned about something with your current employer.
posted by Sophie1 at 12:23 PM on June 24, 2008

Best answer: The big deal about HIPAA, to my mind [as a librarian but NOT a medical professional] is that it's really only binding if someone decides to sue/complain over it, sort of like the Americans With Disabilities Act. There are a lot of provisions for how health care professionals must keep your information private [both their personal knowledge of it and your health care records] especially when that information is transferred. Generally speaking, they can't give your medical information to an employer unless you approve. Realistically speaking, it happens and if that is the sort of situation you are in, you can file a complaint. It doesn't so much protect your privacy -- though it tries to, and makes certain things more likely to be private through best practices and awareness -- as give you the ability to go after someone who does NOT protect your privacy.
posted by jessamyn at 12:34 PM on June 24, 2008 [1 favorite]

You might try this page: HIPAA Frequent Questions
posted by pardonyou? at 1:48 PM on June 24, 2008

...really only binding if someone decides to sue/complain over it...

While there is some truth to that, my hospital, like many others, has a compliance office that actively looks for HIPAA violations and takes the appropriate action. I know a few people who have been disciplined or even terminated over these things and in many instances the patient did not even know a violation happened.
posted by TedW at 2:03 PM on June 24, 2008

Follow the links above. But keep in mind that HIPAA (the 1996 statute) was devised with an emphasis on the portability element - ensuring that employees could keep their insured status when changing jobs. But then the Department of HHS adopted a massive set of regulations that are ostensibly designed to protect patient privacy, and now HIPAA (the 2003 regulation) is something like the Frankenstein of health care. Everyone is scared shitless of it, and no one knows how or why it was created.
posted by yclipse at 6:20 PM on June 24, 2008

. . . or what it's going to do next.
posted by yclipse at 6:22 PM on June 24, 2008

Best answer: Medical records person here. If your boss asked me for information about you, and you weren't standing there saying 'yeah, sure', I'd giggle. That's the kind of situation that HIPAA is good at avoiding. If he says "But I need to know if he was really sick when he called in Tuesday!" I'd tell him to take it up with you. Your information is your information, and if you want it to remain private, that's what HIPAA does.

If, however, you sign "a HIPAA-compliant authorization for the release of information" that specifically releases information to your boss, then legally that's the same as you standing there, as above. If you only wanted to release part of your record to your boss, then I'd suggest you get a copy of your record (you have the right to one free copy - after that, you can get charged or not, it varies according to the institution), and give your boss what you want him to see, limited and redacted as you see fit.

Where it gets tricky is if you are a patient and another healthcare professional (Doc, Nurse, etc), needs to see your information. The key is 'needs' to see - as in 'is providing care and operating under the Hippocratic Oath' etc. If the healthcare professional is curious about your family's history of diabetes because he's dating your sister, then it's got no more legitimacy than the above situation with your boss. If, however, you've been involved in a severe vehicular trauma, and the doctor needs to know if the stent placed in your heart back in '87 was metal or plastic before he gives you a desperately-needed MRI, (a procedure that images very accurately by the use of big magnets that would easily pull out a metal stent and kill you) but you're bleeding profusely and mumbling, then that scenario has a bit more legitimacy than your boss wanting to know about your history.

In such a case, I would be more willing to give out the information, but somebody still has to sign the authorization: no ifs ands or buts. The Attending Physician can sign the authorization if the patient is unable, thus taking responsibility. This is not only important to the patient, but also to the releasing party, the hospital or clinic or private practice or what-have-you, as it absolves us of liability for what is done with the information once it leaves our control. For example, you have given permission to release your information to your insurance company and, upon noticing that you have a family history of heart disease and a lipid profile that indicates one too many cheeseburgers, said company jacks up your monthly premium. It's not our fault. Can anyone compel us to release your records? Yes, authorities can request records, and we must surrender them, but only under subpoena (a 'search warrant' for medical records will not suffice).

The bottom line is that one cannot interfere with a physician's ability to perform his duty, but outside of that, your information is your information, and only gets released in a gradient of circumstances that move from most severe (your life is at stake) to least (you want a copy of your records to leisurely peruse), and in all cases, without exception, someone takes responsibility for the release of that information, and only in rare circumstances is that someone not the owner of the information.

There are all kinds of twists and turns, but I'll stop here. MeMail me with other questions, if you have them.
posted by eclectist at 11:39 PM on June 24, 2008 [1 favorite]
