Are my medical records really private?


On a weekly basis I am asked the same question by my clients and the professionals I work with – are my medical records really private?  Whenever any of us go to a medical professional of any kind, we are asked to sign a very long form with very small writing that concerns the privacy of our medical information, but what does it really mean with regard to privacy? Instead of answering questions this process raises many more questions such as does this form alone guarantee our privacy? Should we sign it? Should we authorize access to other individuals? What if we do not have capacity to sign the form?

Both my clients and I can remember a time when this form wasn’t required.  It wasn’t until 1996 that the President signed into law the Health Insurance Portability and Accountability Act, otherwise known as HIPAA.  The HIPAA Privacy Rule protects a person’s health information.  The Rule applies to health plans, health care providers, and health care clearinghouses.  All health information is covered whether it is electronic, paper or oral.

There is a lot of information covered by and controlled in HIPPA.  To help you understand what you need to know and be aware of, here are three key answers to your questions that I want you to know about HIPAA and your privacy rights:

  1. Why is the form so long? What does it really say? The Privacy Rule requires certain covered medical providers to provide you with a notice of their privacy practices.  The notice is long because the Rule requires that the notice contain certain information.  The notice must describe the ways in which the provider may use and disclose protected health information, its duty to protect privacy, provide a notice of privacy practices, and abide by the terms of the current notice. The notice must describe your rights including the right to complain to the US Department of Health and Human Services (HHS), and to the provider, if you believe your privacy rights have been violated. This is where the protection of you comes in because the notice must include a point of contact for further information and for making complaints to the provider.

  3. Is my information really private? Let me give you some examples. A provider or health plan may send copies of your records to another provider or health plan only as needed for treatment or payment or with your permission.  A provider may not disclose your information to, for example, a life insurer for coverage purposes, your employer, or to a pharmaceutical firm for their own marketing purposes without your authorization. A provider must obtain your consent, in writing, for any use or disclosure of protected health information that is not for treatment, payment or health care operations or otherwise permitted or required by the Privacy Rule. A provider may not indiscriminately share your medical information with all its employees.  The provider must have written policies to identify the employees who can view your medical information.  For example, the nurse can see it, the other doctors can see it. However, the receptionist or cleaning lady should not have access.

  5. What if my family needs information?  As long as you do not object, your health care provider is allowed to share or discuss your health information with your family, friends, or others involved in your care or payment for your care.  Your provider may ask your permission, may tell you he or she plans to discuss the information and give you an opportunity to object, or may decide, using his or her professional judgment, that you do not object.  In any of these cases, your healthcare provider may discuss only the information that the person involved needs to know about your care or payment for your care.  If you do not object, your doctor can talk with the friend who goes with you to the hospital or with a family member who pays your medical bill.  If you send your friend to pick up your prescription for you, the pharmacist can assume that you do not object to their being given the medication.  If your family or friends call your healthcare provider to ask about your condition, they don’t necessarily have to provide proof of identity.  However, some providers have different policies on this.  You should ask your provider its policy.  Also, you should tell your provider the persons you want to be able to speak with the provider about your condition.   When you are not there or when you are injured and cannot give your permission, a provider may share information with your family or friends if it seems like this would be in your best interest.

Setting up your estate planning documents is vital to making sure that when you need them to, the person you want to have access your medical information can do so. Do not wait to choose your health care decision maker (and at least one alternate) who can make decisions for you in a crisis and access your private information. Call us at (866) 603-5976 or fill out the contact form on our website to schedule your complimentary consultation with our firm.