HIPPA stands for the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.  This means that “covered entities” must protect the privacy of individuals’ health information.  When it first began, it was hard to get the message across to some individuals that they could not discuss private patient information.  Employees that are guilty of leaking private health information can be penalized by fine and even jail, depending on the circumstances.

Prior to this law, hospitals displayed a list of patients in the hospital, or even published them in the newspaper.  That made it pretty handy for local citizens to visit their friends if they learned that they were hospitalized.  However, once the law was passed, and the list was not public information, many persons were very mad and just couldn’t understand why hospitals kept their census secret.  I had a lady slam the phone down one day because I wouldn’t tell her who was in the hospital so she could put them on their church prayer list.  Volunteers at hospitals or other health care facilities must observe HIPAA law, as well.

“Covered entities” include healthcare plans, healthcare providers, healthcare clearing houses, pharmacies, private care, dentists, emergency service providers, and physical therapists, etc.  If you call a nurses’ desk and ask for the condition of a patient by name, they may give you a brief description, such as fair, or good.  The HIPAA privacy regulation provides that individually identifiable information about a person’s physical or mental health or health care (in any written or oral form) – including computer records – is protected from unauthorized disclosure.  Most physicians’ forms require the patient or guardian to fill out the name of any other doctor and entity that their report should be sent to, as well as permission to release their medical information to family members and/or friends.

The Privacy Rule does not require a health care provider or health plan to share information with your family or friends, unless they are your personal representative.  Then providers may share information with them in certain circumstances.  A provider or plan may also share relevant information with these persons if, using its professional judgment, it believes that you do not object.  For example, if you send your friend to pick up your prescription for you, the pharmacist can assume that you do not object to their being given the medication.  When you are not there or when you are injured and cannot give your permission, a provider may share information with these persons when it decides that doing so would be in your best interest. 

In all reality, this is a good thing, because if you are hospitalized, your diagnosis will kept between you, your family and physician; you have the right to know that it will not be given to anyone else.  Many times, things get stretched and are not so bad as rumors would have one believe.  Rest assured, most hospitals and healthcare facilities are very aware to respect HIPAA.  This means that your medical information is safe.

We will do an article later this week regarding Rights as a Whistleblower, and how it pertains to HIPAA, as well as other workplace laws.