Tuesday, May 27, 2014

HIPAA and the Privacy Rule: Preventing Medical Identity Theft

What is HIPAA?  Most people see HIPAA and assume that it is a confidentiality law.  That is partially correct, but was not the original intent of the law.  The Health Insurance Portability and Accountability Act  became a law in 1996.  The purpose of the law was to promote the continuation of health insurance coverage as people moved from job to job.  With all this moving of information, it was recognized that the original Privacy Act of 1974 was not sufficient to protect patient confidentiality, so an additional Privacy Rule was added to HIPAA and implemented in 2001.  Health care facilities had until 2003 to comply with the Privacy Rule, which protects personal information, otherwise known as Protected Health Information (PHI).  The Privacy Rule requires that PHI remain confidential and can only be shared with consent from the patient.  Patients are asked to sign a “release of information” form before any private information can be shared with other doctors, health care professionals, insurance companies, and other vendors. 

The Privacy Rule has limitations.  In certain cases, private information can be shared without permission, such as subpoenas, cases of child abuse or neglect, or victims of crimes.  In most cases, however, your permission should always be obtained before private information is shared.

With the growing use of the electronic medical record, many people are afraid that their private information might be shared without their permission.  To be honest, it can and does happen.  Privacy breeches occur on a regular basis and identity fraud does occur in health care.  The best thing that you can do to advocate for your own privacy is to:

1.  Request to view your medical record and check for any errors.
2.  Report anything suspicious (e.g., inappropriate bills, calls from debt collectors, etc.) to your medical provider and/or insurance company.
3.  Request an “accounting of disclosures”.  This is a summary of the people who have had access to your medical record.  Most providers will provide a free accounting disclosure once every 12 months.

For more information and suggestions, please see the following website: http://www.consumer.ftc.gov/articles/0171-medical-identity-theft

Valerie J Connor, MA CCC-SLP


Post a Comment

About Me

Kaplan Center for Health and Wellness
View my complete profile