HIPAA Basics for Migraine Patients: Spotting Violations
The Health Insurance Portability and Accountability Act (HIPAA), a 1996 federal law, gives patients rights regarding their health records and information. To make sure your rights are being honored by your health care providers and other organizations that must follow this law, it's important to know how to spot violations.
This article is the second in a series of three about HIPAA: Part 1: Your rights, Part 2: Spotting violations of these rights, and Part 3: How to file a complaint about possible violations.
Under HIPAA, health care providers and other covered individuals and organizations have an obligation to protect and keep private your medical information if personally identifying information about you is involved.
Examples of HIPAA Violations:
- The contents of your medical records are left in public view of patients or others.
- Your medical records are left unattended where others could look at them.
- Your health care provider discusses your case in a public place, such as an elevator, cafeteria, etc. Even if the place is outside the clinic or hospital setting.
- Your medical information is stored or disposed of without any precautions to safeguard your privacy.
- A staff member discusses your protected medical information where others can overhear what's being said.
- Your health care provider discusses your protected health information with their friends or family members.
- Your protected medical information is included in an email or discussed via social media, such as Facebook, Twitter, a blog, etc.
- Your medical information is shared with anyone who does not have a need to know the information, such as a member of the office staff who is not involved in your treatment.
- Your health care provider speaks with or otherwise shares your protected health information with one of your friends or family members without your authorization (except under rare exceptions).
- A friend or family member who works for a health care provider accesses your health information without any legitimate need to do in order to provide you with medical care.
- Someone who is otherwise entitled to access your medical information for a legitimate purpose accesses more than the minimum necessary.
- Your information is released to the wrong patient, such as someone with the same name. Your health care provider has an obligation to be sure the correct record is being shared by asking for verifying information, such as your date of birth.
- Failure to release your information to you when required to do so.
This list of examples is not meant to be exclusive.
I’ll be covering more information about HIPAA in part three of this three-part series: How to file a claim if you believe your HIPAA rights have been violated.
If you have questions about HIPAA or tips to share with other patients, please share them in the comments.
Can you tell when a migraine attack is coming?