Since it was first enacted by the Clinton Administration in 1996 the Healthcare Insurance Privacy Protection Act has served a great purpose in making it very difficult for illegal breaches that impact your private information to occur. Organizations that do not adhere to the legislation will be fined when breaches inevitably take place.
Even though it is around for so long there are still many different misconceptions regarding the law. Here we address some of the most common misconceptions.
Number 1 Misconception: You May Not Share Information with Family Members
This is not the case. You are permitted to allocate specific permissions, stated in writing by you, that records may be shared with certain individuals.
Number 2 Misconception: Health Records Are Only Available to Patients or Caregivers
This is incorrect as a patient’s medical records can be accessed without a patient’s permission by many groups and organizations, legally and illegally.
Number 3 Misconception: Access to an Employee’s Records is Possible
HIPAA does not allow this, even if they (the employer) are paying for the health insurance. Employers can only access records with your permission, in writing
Number 4 Misconception: Doctors May Not Email Their Patients
This is often an excuse given by a doctor when they do not wish to communicate with patients using this method of communication. It is not true; HIPAA does not prohibit the use of email between doctors and patients. The only stipulation is that health information is safeguarded using encryption. Standard free email normally does not include this encryption. In most cases, you can upgrade to add encryption to your email account.
Number 4 Misconception: Healthcare Providers Must Provide All Medical Records to You
There are a number of different records that may be withheld and not made available to you. One example is when it is felt that the information may be harmful to you, such as certain mental health records.
Number 5 Misconception: If You Are Denied Access to Your Records, You May Sue to Get Copies
While there are many options for you to address this eventuality, a lawsuit is not one of them. The U.S. Department of Health & Human Services (HHS) provides a process patients may follow if they believe their rights have been violated under HIPAA laws. It includes submitting an official complaint using an online process.
Withholding information can result in a penalty to the violating entity, ranging from a $100-50,000 fine for each violation to 10 years in jail and a $250,000 fine, and even reach a maximum of $1.5 million for identical provisions during a calendar year.
Number 6 Misconception: HIPAA Legislation Protects All Medical Records
There is an element to truth in this but only under certain circumstances. Healthcare providers, healthcare facilities, and sometimes insurers are the only entities bound by HIPAA. For more information regarding HIPAA, visit Compliance Junction.
However, there are other groups that are not subject to HIPAA. Mobile and online applications such as health and fitness trackers are a good example of this. They are not under any restriction from doing what they want to with those records, even if they claim the records are private and safely held.
Number 8 Misconception: Providers Must Address All Mistakes in Patient Records
While you can ask for changes to your records, there is no guarantee that the mistakes will be amended. You can dispute any refusal to do this in official correspondence and this must be recorded by the group you are contesting the decision with.