The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, is celebrating its 25th birthday this year, and much has changed since the mid-90s. Music, clothes, how we communicate, advancements in Internet offerings – and how we seek healthcare. The COVID-19 pandemic has fast-forwarded telehealth adoption, bringing new attention to HIPAA release forms and what exactly those mean.
P for Privacy?
So, what is the true intention of HIPAA and what privacy does it actually provide? It surprises most people who discover that there is no “privacy” in HIPAA’s name – rather, “portability”.
This intriguing HIPAA article titled “HIPAA, the health privacy law that’s more limited than you think, explained” by Sarah Morrison and published on Vox, further details HIPAA’s reason for being and its limitations. The article also shares a Twitter feed created to highlight comical HIPAA mistakes and references.
“Suffice it to say, Bad HIPPA Takes has plenty of material to draw from for its more than 11,000 followers. But, actually informing the general public about what HIPAA does is another matter.”
2021 brought new awareness to what HIPAA really means. Once a mystery, HIPAA has now become part of our everyday language. It is common to see this law cited for anything and everything related to medical information that people quite frankly don’t want to share. A hot-button example these days is one’s COVID-19 vaccination status.
Your Rights
The Department of Health and Human Services provides clear guidance for both individuals and businesses about HIPAA’s implications. These are three main sections of protected information you should know:
Your Information
- You can ask to see or get a copy of your medical information at any time (You may have to sign a medical release form and pay for printing or mailing costs). Your copy must be given to you within 30 days of your request.
Corrections
- You can ask to modify any wrong information in your chart or add information if you believe it to be incomplete. These changes must be made, even if the hospital does not agree, and your file should be updated within 60 days.
Know Who Has Access
- Your health information cannot be used by those who have access for reasons not directly related to your care. For example – your doctor can’t use your info for marketing or advertising without your consent.
Covered Entities
You might be surprised to discover that non-healthcare related businesses, schools, places of employment, and organizations are not covered entities under HIPAA. Your employer can ask you to provide a doctor’s note for illness and a business can ask if you have been vaccinated. Schools can require certain health records. You always have the right to refuse to answer, but you are not necessarily shielded from the consequences under HIPAA. For example, you may not be able to shop at a store or travel on an airplane.
To find out more about HIPAA, please visit the HHS.gov for specific scenarios and answers to common questions. For more about keeping data secure in the digital age with HIPAA compliant forms, contact FormDr, the leader in easy-to-use, HIPAA-compliant online forms.