HIPAA Basics for Migraine Patients: What Are Your Rights?
The Health Insurance Portability and Accountability Act (HIPAA), a 1996 federal law, gives patients certain rights with respect to their health records and information.
This article is the first in a series of three about HIPAA: Part 1: Your rights, Part 2: Spotting violations of these rights, and Part 3: How to file a complaint about possible violations.
HIPAA protections are all about maintaining the privacy of your health care information and giving you the power to determine who has access to it. These rules apply to information regardless of format: Oral, written or electronic.
Under HIPAA you have the right to, for example:
- Review your health records. This includes getting a copy of the records either on paper or electronically (your preference if the provider has both capabilities). The health care provider has 30 days to comply with your records request.
- Ask for corrections to your medical records.
- Receive a written policy stating how your information may be used.
- Request a report telling you how your information has been used.
- Decide who your information can be shared with, such as marketers.
- Complain if your rights aren't being respected or your information isn't being protected.
Examples of entities required to follow HIPAA include, but are not limited to:
- Health care providers, such as doctors, support staff, hospitals, clinics and pharmacies.
- Health plans, such as insurance companies, HMOs, Medicaid and Medicare.
Your private health information can be accessed under limited conditions, including:
- To facilitate your care and treatment.
- To pay for your health care.
- With the person financially responsible for your health care bills, unless you state otherwise.
- To make required reports to government agencies regarding things like occurrences of certain diseases or gunshot wounds.
- To prevent a serious health risk to you, the patient, or to other people.
Other important things to know:
- Employers: Employers are not required to comply with HIPAA's privacy protections.
- Personal representatives: Generally a personal representative must be allowed access to review and inspect your health records on your behalf. A parent would be a personal representative for a minor child. If you have appointed a health care power of attorney that person could act as your personal representative.
- Family & friends: Except under certain circumstances, providers are not allowed to share your health information with your family members or friends to maintain your privacy. But you can give your providers permission to share your information with whomever you choose, such as your spouse, parents or siblings. Providers typically prefer you to give written permission, but it is not required by law.
This article is intended to give you a brief overview, so none of the examples are exclusive. I'll be covering more information about HIPAA in parts two and three of this series, but if you have questions now, please share them in the comments.
Have you shared your migraine story with us yet?