By Christian Kim
When visiting the doctor’s office, you may have seen posters or mentions on paperwork of “HIPAA.” Well, what is HIPAA? How does it help you, and how did it come to be? Let’s take a closer look at this powerful and influential piece of legislation.
Firstly, HIPAA stands for the Health Insurance Portability and Accountability Act. It was passed under President Clinton’s administration in 1996 with overwhelming bipartisan support, with all 100 senators voting in favor of its passing. HIPAA’s establishment ushered in a new era of patient privacy. However, it was initially intended only to decrease the power of insurance companies and to allow smaller companies, low-class individuals, and people transitioning between jobs to still receive fair coverage (Markiewicz, 2008).
Today, we know it as something that protects our medical information, preventing doctors from telling other patients that you’re suffering from X disease, for example. HIPAA has three main rules: the privacy rule, the security rule, and the breach notification rule (Centers for Medicare & Medicaid Services, 2022). The privacy rule outlines how private health information may be used or disclosed. On the whole, the decision to use this information is up to the patient and/or their immediate family. Healthcare providers and insurance companies are not permitted to share your information unless the privacy rule states that the type of information in question can be shared, or you have given express permission.
Secondly, the security rule protects your online health information. Healthcare providers are required to use patient data appropriately and securely, and privacy and security officers must perform evaluations to ensure that this rule is being followed. Physical screens should not be allowed to be seen by other people, and all employees will be trained to handle your data safely. With the shift in the medical field towards online storage of data, which you might have been able to see during your visits to the doctor with the widespread use of computers and tablets, online security has become increasingly important.
Finally, the breach notification rule comes into play if there is, as the name suggests, a breach of patient data. If this happens, the Department of Health and Human Services must be alerted immediately, as well as the patient. A major breach also warrants an alert to the press. Entities must comply with these rules or else they may face fines from the Office for Civil Rights. Of course, a hack into people’s medical data would be disastrous, and as time has passed we have seen more and more hacks into banking information, social media accounts, and other important data. With the concerns of hacks and data breaches ever-growing, it is now more necessary than ever that if a breach were to happen, institutions go through the proper protocol to stay accountable for your information.
Ultimately, HIPAA should make you feel safe when visiting the doctor and sharing everything about your wellbeing. No medication, treatment or diagnosis should find its way to a person other than your doctor without your consent. You are in control of your information, and no one else can take away that autonomy. If you’re concerned about your medical records being leaked, hopefully HIPAA can give you the comfort and faith in our health industry that only you possess sovereignty over your sensitive information.
References
Centers for Medicare & Medicaid Services. (2022). HIPAA Basics for Providers: Privacy, Security, & Breach Notification Rules. CMS. Retrieved November 30, 2022, from https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/Downloads/HIPAAPrivacyandSecurity.pdf
Markiewicz, D. (2008). HIPAA Frequently Asked Questions. HIPAA Security Frequently Asked Questions - Information Security Office - Computing Services - Carnegie Mellon University. Retrieved November 30, 2022, from https://www.cmu.edu/iso/governance/hipaa/faq.html
Office for Civil Rights (OCR). (2022, November 28). HIPAA. HHS.gov. Retrieved November 29, 2022, from https://www.hhs.gov/hipaa/index.html
R., M. (2022, October 24). What are the three rules of HIPAA? WheelHouse IT. Retrieved November 29, 2022, from https://www.wheelhouseit.com/what-are-the-three-rules-of-hipaa/