HIPAA stands for the Health Insurance Portability and Accountability Act. Enacted in 1996 under President Clinton, the HIPAA has a privacy section that regulates the use and disclosure of patient health information, including health status, health insurance, and health-related payments.
Entities covered by the HIPAA cannot disclose patient information except for specific reasons and only under particular conditions.
Can a Person with Power of Attorney Access Medical Information?
Nothing in HIPAA changes how a patient can grant another individual power of attorney for health care decisions. The normal state or local law governing power of attorney still applies. Nothing needs to be added to or changed in the power of attorney documents to accommodate HIPAA regulations. Privacy rights granted to a patient under HIPAA are transferred to the person with power of attorney for health care decisions.
Nevertheless, suppose a doctor or other covered entity thinks that the individual with power of attorney has been abusing the patient or is otherwise endangering the patient. In that case, the doctor or covered entity can refuse to disclose the medical information if it would be in the patient’s best interest.
Do I Have the Right to See My Own Medical Records?
An individual does have the right to view their medical records. Usually, a health care provider or any other holder of medical records must implement certain technical and administrative precautions to ensure that information within those medical records is not available to anyone.
Nevertheless, an individual can request a copy of their medical records from their healthcare provider or whoever else holds the information. The information holder must deliver the records to the person within 30 days.
It is essential to mention that while people have the right to obtain their medical records, it is not illegal for their healthcare provider to charge them a fee for providing a copy of the records. These fees may differ by state as well as by healthcare institution.
How Does HIPAA Protect My Privacy?
HIPAA established federal standards to protect the security and confidentiality of a patient’s health information. It limits when and how health plans, pharmacies, hospitals, and other entities can use a patient’s private medical information.
Does My Employer Have the Right to See My Medical Records?
An individual’s healthcare provider is typically prohibited from releasing any information regarding their health records to anyone, including their employer. If, however, the person’s employer is providing their health care plan, they are allowed to have some access to the person’s medical information, which should generally be kept secret from an employer.
The employer is only permitted to use this information in a capacity related to health care issues. In addition, the employer is not allowed to share this info with any other employees in the company.
Can My Employer Disclose My Own Medical Records to Anyone?
Several federal laws protect against the disclosure of employee medical records in the workplace. Although the language of each law is slightly different, the consensus is that an employer is held to rigid confidentiality rules when dealing with acquiring and disclosing the medical information of its employees.
Unless a human resources employee, supervisor, or manager has a legitimate need to know, an employer that discloses private medical information is likely breaking the law. Depending on the circumstances of the case, an employee may be able to file a federal complaint and seek compensation for the damages they suffered through a civil lawsuit.
Federal laws governing the privacy of medical records include:
- The Family and Medical Leave Act (FMLA);
- The Americans with Disabilities Act (ADA);
- The Genetic Information Nondiscrimination Act (GINA);
- The Pregnancy Discrimination Act (PDA); and
- The Health Insurance Portability and Accountability Act (HIPAA).
There are only four circumstances where it may be acceptable for an employer to share an employee’s private medical information. It is essential to mention that these are exceptions to the rule, not the rules themselves. These exceptions may include disclosing information to:
- A manager or supervisor when that medical information is necessary to provide reasonable accommodations for an employee, which generally falls under the ADA;
- Safety personnel and first aid providers if that worker should need emergency medical treatment;
- Authorized personnel in the course of a state or federal workplace investigation; and
- Authorized personnel in the course of a worker’s compensation or an insurance claim.
Do I Have to Disclose Information About Therapy Sessions?
Mental health providers, including therapists and psychologists, are not required to disclose information regarding mental health and generally do not do so unless they get consent from the patient.
Employees cannot be denied benefits from a health plan simply because they have not revealed private information regarding their mental health.
What Entities Are Covered By the HIPAA?
The HIPAA applies to the following entities:
- Health insurers
- Medical service providers
- Employer-sponsored plans,
- Health care facilities
- Any independent contractors employed by the entities listed.
What Reasons Would Allow Entities to Disclose Information?
Entities covered by the HIPAA can disclose information for the following reasons:
- Upon the request of the patient, within 30 days
- If required by the law, such as for suspected child abuse
- If necessary, to facilitate the treatment or the payment of treatment on behalf of the patient.
Covered entities cannot disclose information for any other reason without the patient’s prior written consent.
What Other Privacy Protections Do I Have for My Medical Information?
There are also other privacy protections that people may use for their medical information. Patients at the hospital can request that data regarding their identity or stay at the hospital not be made available to the public in the hospital directory.
In addition, an individual may request that a hospital not share any information regarding their health with family members or friends. If these requests are made, the hospital is obliged to obey them.
For law enforcement to get the information, they must have legal authorization before being allowed to view the person’s medical records. This may come in the form of a subpoena.
What Is the Penalty for Violating the Privacy Regulations of HIPAA?
An entity that violates the privacy requirements of HIPAA is subject to criminal and civil penalties, including:
- Civil monetary penalties up to $100 per violation up to $25,000 per year for each violation
- Criminal penalties ranging as high as $250,000 and 10 years in prison if the offense was committed with intent to use the private medical information for commercial gain or malicious harm
What Can I Do if My Privacy Rights under HIPAA Have Been Violated?
Suppose you believe that an entity has inappropriately used or disclosed your private health information. In that case, you may file a direct complaint with the United States Department of Health and Human Services’ Office for Civil Rights (OCR). The OCR will investigate the matter and impose civil penalties if appropriate. Criminal violations of the law will be referred to the U.S. Department of Justice.
Do I Need a Lawyer Experienced With HIPAA Laws?
The HIPAA laws can be pretty complicated, and penalties for violating a patient’s privacy rights under HIPAA carry serious criminal charges and civil damages. An attorney can explain the law to you and ensure that you comply with HIPAA’s privacy requirements.
If you feel your rights have been violated under HIPAA, you may want to consult a personal injury attorney. Your lawyer can advise you of your rights, help you file a complaint against the specific agency that violated your privacy through the illegal use of your records, and let you know if you may be entitled to any remedies.