HIPAA Myth vs. Fact – What you should know about HIPAA
May 06, 2014
Matt Fisher with Mirick O’Connell’s Health Law Group posts articles on health law on his online blog, The Pulse. In two recent articles, Matt clarifies common HIPAA myths, which are detailed below:
- HIPAA allows medical providers to share patient medical records for certain purposes
- Medical providers must acquire specific authorization from the patient to share medical information with family or other caregivers
- Medical providers may communicate with a patient by email; however, it is recommended that the email be encrypted. A patient may request not to receive email communication, and this request must be honored by the medical provider
- Medical providers may announce a patient’s name in the waiting room
- Medical providers must provide copies of a patient’s medical records to them; however, the provider may charge a “reasonable” fee
- When a patient requests their medical records, medical providers do not have to release all medical records, and there are specific records that are exempt from patient access
- Patients’ health information is protected when held by a health plan, health care provider or clearinghouse, but it is not always protected by other entities (for example, life insurance or employer health plan)
- Patients’ health information may be used for marketing purposes only if the medical provider receives authorization from the patient
- Patients may not personally sue a medical provider for a HIPAA violation; only the federal government or state attorney can bring an action for a HIPAA violation
- HIPAA cannot be used as a reason for denying patient access
View the first article reviewing the top five HIPAA myths on The Pulse:
http://mirickhealthlaw.wordpress.com/2014/04/21/hipaa-myths-do-you-know-whats-true/
View the second article reviewing additional HIPAA myths on The Pulse:
http://mirickhealthlaw.wordpress.com/2014/04/29/hipaa-myths-part-2-more-testing-of-your-knowledge/
Medical Economics resources for HIPAA:
http://medicaleconomics.modernmedicine.com/medical-economics/news/hipaa-how-protect-yourself-and-your-practice
• HIPAA Omnibus Rule
https://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf
• HIPAA Security Rule Toolkit
http://scap.nist.gov/hipaa/NIST_HSR_Toolkit_User_Guide.pdf
• OCR Guidance on Risk Analysis
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/rafinalguidance.html
• OCR’s Enforcement Policy
http://www.hhs.gov/ocr/privacy/hipaa/enforcement/index.html