HIPAA Myth vs. Fact – What you should know about HIPAA

May 06, 2014

Matt Fisher of Mirick O’Connell’s Health Law Group writes about health law on his blog, The Pulse. In two recent articles, Matt clarifies the common HIPAA myths detailed below:

  1. HIPAA allows medical providers to share patient medical records for certain purposes
  2. Medical providers must acquire specific authorization from the patient to share medical information with family or other caregivers
  3. Medical providers may communicate with a patient by email; however, it is recommended that the email be encrypted. A patient may request not to receive email communication, and this request must be honored by the medical provider
  4. Medical providers may announce a patient’s name in the waiting room
  5. Medical providers must provide copies of a patient’s medical records to them; however, the provider may charge a “reasonable” fee
  6. When a patient requests their medical records, medical providers do not have to release all medical records, and there are specific records that are exempt from patient access
  7. Patients’ health information is protected when held by a health plan, health care provider or clearinghouse, but it is not always protected by other entities (for example, life insurance or an employer health plan)
  8. Patients’ health information may be used for marketing purposes only if the medical provider receives authorization from the patient
  9. Patients may not personally sue a medical provider for a HIPAA violation; only the federal government or a state attorney can bring an action for a HIPAA violation
  10. HIPAA cannot be used as a reason for denying patient access

View the first article reviewing the top five HIPAA myths on The Pulse: 
http://mirickhealthlaw.wordpress.com/2014/04/21/hipaa-myths-do-you-know-whats-true/

View the second article reviewing additional HIPAA myths on The Pulse:
http://mirickhealthlaw.wordpress.com/2014/04/29/hipaa-myths-part-2-more-testing-of-your-knowledge/

Medical Economics resources for HIPAA:
http://medicaleconomics.modernmedicine.com/medical-economics/news/hipaa-how-protect-yourself-and-your-practice

• HIPAA Omnibus Rule
https://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf

• HIPAA Security Rule Toolkit
http://scap.nist.gov/hipaa/NIST_HSR_Toolkit_User_Guide.pdf

• OCR Guidance on Risk Analysis
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/rafinalguidance.html

• OCR’s Enforcement Policy 
http://www.hhs.gov/ocr/privacy/hipaa/enforcement/index.html