Patient Privacy & HIPAA
HIPAA stands for the Health Insurance Portability and Accountability Act, originally introduced by Congress in 1996. A major piece of this legislation, better known as the "Privacy Rule," is the HIPAA Standards for Privacy of Individually Identifiable Health Information. This portion of HIPAA was published by the Health and Human Services Department in December of 2000 and "finalized" in August of 2002. The Privacy Rule went into effect on April 14, 2003.
The Privacy Rule is important because it gives you more control over your medical record and establishes safeguards for your health information. It also holds entities like Western Connecticut Medical Group accountable for your confidential information and permits disclosures of your health information for legitimate purposes including for public health oversight or other purposes required by law. The Privacy Rule allows you to make informed choices about your health information and ultimately gives you the right to examine and obtain a copy of your record.
HIPAA requires that all patients receive adequate notice of how a covered entity like Western Connecticut Medical Group may use and disclose your health information. The "Notice" explains all of this including your rights and your physician's obligations. HIPAA requires your physician to provide the "Notice" to you only once.
The "Notice" is always posted in the office as well. You are asked to sign that you received the "Notice" because the "Privacy Rules" mandates that your physician make his/her best attempt to have you sign that you received the "Notice" to ensure you were provided this information.
If you have a question about HIPAA or a complaint, you may ask to speak with your physician, office manager, or directly with the Western Connecticut Medical Group Privacy Officer. They can explain your rights and your physician's obligations, as well as, address your concerns.
HIPAA requires your physician office to accept all complaints regarding Privacy. The "Notice" you received explains the contact information for the Western Connecticut Medical Group Privacy Officer including the fact that your physician and office manager can also assist you with your concerns.
Why does my doctor have to comply with this new Federal Law?
Under the law, all healthcare providers who conduct certain financial and administrative transactions electronically must abide by the HIPAA laws.
Can my physicians discuss my case with other providers and/or staff in the office?
Yes, as long as your physician is discussing only the information needed to accomplish a legitimate function (like treatment or payment for your treatment). This is called the "Minimum Necessary" standard under the Privacy Rule.
Additionally, HIPAA does not require your physician to construct physical barriers to protect your information, but it does require your physician to use reasonable safeguards to protect your identity and confidential information in his/her office.
Will the doctor's office still leave message reminders at my home?
Yes, unless you object to having the office contact you at your home, such as with appointment reminders, your physician will continue to leave message reminders and communicate with you as necessary to provide quality service.
Can my physician still use a sign-in sheet and/or call my name in the waiting room to announce my "turn"?
Yes, your physician may still have you sign your name at the time of registration or announce your name in order to call you to an exam room.
Can my physician still fax records?
Yes, your physician may fax your health information as long as reasonable safeguards are used (like verifying the correct fax number).
Do the HIPAA requirements apply to non-physician staff such as nurses, medical students, and residents walking in the hallways or in the exam rooms?
Yes, clinical staff, students, and trainees must follow the HIPAA Privacy Rules.
Can my physician discuss my care with a close family member or friend as we have been doing in the past?
Yes, HIPAA allows your physician to disclose your health information to family members and friends involved in your care as long as you do not object to the disclosure.
Does HIPAA still allow parents the right to access their children's records?
Parents of children 17 years and under generally have access to their child's health information. However, HIPAA defers to Connecticut law in recognizing certain confidential relationships between a minor and their physician in specific treatment situations.
If my physician is referring me to a specialist, can this specialist have access to my record before I enter his/her office for the first time?
Yes, HIPAA does not prohibit the specialist from accessing your health information to prepare the process for seeing you for the first time. However, as is the case now, you may need to authorize disclosure of your records to the specialist.
Does HIPAA prevent physician offices from reporting patients to collection agencies?
No. Under HIPAA, collection activities are considered legitimate payment functions and disclosures of "Minimum Necessary" data to collection or credit agencies to receive payment are possible.
Does HIPAA allow my physician to share my health information to market goods and services?
HIPAA prohibits the selling or disclosing of your private health information, including demographics used in registration, to third parties for marketing purposes without your specific authorization.
Will my physician and the hospital still send me reminders about education and screening held each year?
Yes, HIPAA still allows your physician or hospital to send you information about wellness programs or preventative health opportunities they are offering.
Will physicians start routinely reporting my private health information to the government under HIPAA?
No, however, your physician will continue to make reports, if any, required under existing law such as reporting communicable diseases. If a court order or judicial subpoena is presented to your physician for the release of your information, he/she will disclose of the information as required by law.