HIPAA stands for the Health Insurance Portability and Accountability Act, but most of us know HIPAA to stand for patient privacy. In 2003, the Privacy Rule was added to HIPAA, which regulates the disclosure of certain Protected Health Information (PHI), which includes any part of an individuals medical records AND payment history. The Privacy Rule of HIPAA states that you are to be notifiedof any use of your Protected Health Information. As our files are transferred to electronic medical records, this notification clause may come into play.
More information on electronic medical records in the age of Wikileaks: http://www.aapsonline.org/newsoftheday/001447
The Journal of Western Medicine posted an article back in the 70’s, written by an attorney, talking about previous court cases involving patient privacy rights. “Must information be provided upon the request of a patient? It is likely that the courts will hold that patients are entitled to the information contained in their records. The California Supreme Court case of Cobbs v. Grant, dealing with informed consent, stresses the patient’s ‘right to know.’ A patient probably has no legal right to see his own medical record. The chart itself is maintained for the physician’s use, and permitting the patient access to his chart does not necessarily enhance his knowledge.” So we’ve changed our opinion about a patient having no legal right to view his/her own file to now needed the patient’s consent, but it looks like the next step might be that the patient only needs to be “notified” about the use of their medical file, according the HIPAA.
Read the article from the Western Journal of Medicine here: http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1455320/pdf/califmed00005-0109.pdf
According to the Wall Street Journal, the Office for Civil Rights has a long backlog and therefore ignores most complaints. “Complaints of privacy violations have been piling up at the Department of Health and Human Services. Between April 2003 and Nov. 30, the agency fielded 23,896 complaints related to medical-privacy rules, but it has not yet taken any enforcement actions against hospitals, doctors, insurers or anyone else for rule violations. A spokesman for the agency says it has closed three-quarters of the complaints, typically because it found no violation or after it provided informal guidance to the parties involved.” With the onset of electronic medical records, I don’t think things will improve much.
More information from the Wall Street Journal about the backlog of complaints: http://www.post-gazette.com/pg/06362/749444-114.stm