Most everyone has heard of HIPAA (the "Health Insurance Portability and Accountability Act"). This law covers health care plans, health care providers, clearinghouses, and their business associates. The health care information of individuals is protected from disclosure to the wrong parties by following these rules.
In general, the patient controls who sees his/her health care information. There are two "required disclosures" that the health care entity must make: 1) to the individual or their personal representatives when specifically requested; and 2) to Health and Human Services in response to an investigation or review.
There are also certain times when the "public interest" may allow disclosure. Public interest situations include disclosures made because of specific laws or situations (child abuse or neglect, abuse of the elderly or disabled, FDA tracking, OHSA purposes, communicable disease control, and the like). Disclosure may also be allowed in some cases of domestic violence, to protect another person or the public from a threat, to facilitate organ donation, for purposes of determining cause of death or for preparing a body for burial, for law enforcement purposes, for workers compensation laws, or for other essential government functions. There may also be disclosure when a court or administrative agency demands it by subpoena, order, or other lawful process.
But all of the rules and regulations in the world can't protect your information if you are careless with it yourself. To maintain good control over your protected information, do the following:
- Think about who you want to have access to your health care information. It is usually best to have at least one person who has access, just in case something happens to you and you need assistance. But don't choose just anyone, choose someone you trust.
- Treat your medical records, prescription records and medical bills with the same care that you use for your bank statements and credit card receipts.
- If you login online to see your medical records, be sure to use secure passwords and make sure that you log out when you are finished.
- Be careful in public. Just like you shouldn't shout out your social security number in public, you shouldn't share private health care information where the wrong person can hear it.