In 1996, Congress passed the Health Insurance Portability and Accountability Act, which is commonly referred to as HIPAA. This act outlines who has lawful access to a person's health records. Under the act, a person has a guaranteed provision to his or her own health information. However, it does set limits on the release and use of medical data. It also outlines several privacy standards for healthcare professionals. Every person has the right to know how his or her digital data is stored and used. Before they share or release any medical data about a specific patient to a third party, health care providers must obtain written permission. The Health And Human Services' official site has information about all of the HIPAA privacy rights.
There are several exemptions for the HIPAA rules. Employers, life insurers and certain educational districts are exempted. Federal agencies such as the Social Security Administration or Medicare have the right to examine records for the purposes of determining a person's eligibility for benefits.
The Medical Information Bureau was designed to be an information exchange for underwriters and insurance companies. This bureau does not use individuals' medical records. Information is only used with the proper consent, and its purpose is to protect insurers from errors, misstatements and omissions placed in health statements. The Fair Credit Reporting Act permits every consumer to obtain one free copy of his or her MIB record each year. Only those who have applied for life or health coverage during the past several years will have an MIB record. Interested consumers can visit the MIB's site for more information.
There are some situations when a medical provider can share information with family members and friends. More detail is available here.
If a court orders a person's electronic patient records to be released, they can be obtained with a legal order or subpoena. In some legal situations, these records may be required. Medical treatments for sexual attacks, gunshot wounds and most domestic violence cases must be relayed to the authorities. With their own discretion, health care providers also have the right to distribute information to billing departments, claims management and health insurance companies. Written permission is not needed for any of these instances. They may also release information to research organizations and professional societies that are reviewing providers or conducting legitimate research. If employers are evaluating workers compensation claims, health providers may also release medical information to them.
HIPAA is an extensive and complex set of rules. The U.S. Department of Health and Human Services provides an outline of who has the right to access a person's records. Click here to view the HHS Privacy Rules main page. For answers to any questions or to voice any concerns, discuss these issues with an agent.