Privacy is a huge concern and I'm seeing it discussed all over the place. As I read it (and I just read) doctors are being instructed to ask very personal questions/and some are taking retirement as a result. I personally would be offended at some of the questions now being asked/and would refuse to answer on the grounds none of your damn business.
~
The federal Health Insurance Portability and Accountability Act (HIPAA) sets a national standard for privacy of health information. It was implemented in 2003. But HIPAA only applies to medical records maintained by health care providers, health plans, and health clearinghouses - and only if the facility conducts certain transactions electronically. A great deal of health-related information exists outside of health care facilities and the files of health plans, and thus beyond the reach of HIPAA. (PRC Fact Sheet 8a: HIPAA Basics)
The HHS "Omnibus Rule," issued on January 25, 2013, makes substantial modifications to the HIPAA privacy, security, and data breach rules, as required by the Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009.
The extent of privacy protection given to your medical information often depends on where the records are located and the purpose for which the information was compiled. The laws that cover privacy of medical information vary by situation. And, confidentiality is likely to be lost in return for insurance coverage, an employment opportunity, your application for a government benefit, or an investigation of health and safety at your work site.
In short, you may have a false sense of security. That’s because medical information that is collected outside a HIPAA environment may not afford you HIPAA’s basic privacy rights to (1) access your medical records (2) request an amendment to your records and (3) request an accounting of disclosures. This guide provides information on medical records not covered by the HIPAA Privacy Rule.
3. What medical information is not covered by HIPAA?
Medical information that is not covered by the federal privacy rule might be found in your financial records, your child's school records, and/or your employment files.
Financial records. The federal Gramm-Leach-Bliley Act (GLB) allows financial companies such as banks, brokerage houses, and insurance companies to operate as a single entity. GLB gives you the right to be notified about the information-sharing practices of financial institutions. And you must be given an opportunity to opt-out of third-party information sharing. But GLB does not keep information from being shared among affiliated companies.
Your credit card account and checking transactions are likely to include information about where you go for health care. Insurance applications and medical claims also contain health-related information. So it is possible for such medical information to be shared among affiliates of financial institutions. Such information is not protected by HIPAA.
Some financial companies promise extra protection for medical information. And insurance companies may be prohibited from giving information to an affiliated bank by state insurance laws. It pays to examine the privacy notices of financial institutions carefully. (Read PRC Fact Sheet 24: Protecting Financial Privacy.)
4. Who has access to your medical records?
Your medical information is shared by a wide range of people both in and out of the health care industry. Generally, access to your records is obtained when you agree to let others see them. In reality, you may have no choice but to agree to the sharing of your health information if you want to obtain care and qualify for insurance.
A. Insurance companies usually require you to release your records before they will issue a policy or make payment under an existing policy. This is especially true if you apply for individual health insurance as opposed to a group health plan available through your employer.
Insurance companies are considered financial institutions under the federal GLB law. Like banks and brokerage houses, they must provide you a notice of how they gather and use your customer information. You may have the right to opt-out of sharing some information with other companies.
To learn more about the insurance privacy laws in your state, visit your state's Department of Insurance website. Find your state's Department of Insurance by visiting the National Association of Insurance Commissioners website. Medical information gathered by an insurance company may also be shared with others through the Medical Information Bureau (see below).
5. How can I protect the privacy of my medical records?
The federal law on medical privacy, HIPAA, went into effect in 2003. For the first time, federal law established standards for patient privacy in all 50 states, including the right of patients to access their own records. The stronger laws already in effect in the states were not weakened. Although HIPAA provides some protection, it is not the final answer to medical records privacy. Here are some strategies to limit others' access to your medical records:
A. Discuss your confidentiality concerns with your doctor. If you want a specific condition to be held in confidence by your personal physician, bring a written request to the appointment that revokes your consent to release medical information to the insurance company and/or to your employer for that visit. You must also pay for the visit yourself rather than obtain reimbursement from the insurance company.
To be especially certain of confidentiality, you may need to see a different physician altogether and pay the bill yourself, forgoing reimbursement from the insurance company. Realize that under HIPAA, your attempts to restrict the sharing of specific records can be denied by the health care provider.
B. Ask your health care provider to use caution when photocopying portions of your medical records for others. Sometimes more of your medical records are copied than is necessary, for example, when requested by the insurance company or another health care provider.
C. Find out if your health care provider has a policy on the use of cordless and cellular phones and fax machines when discussing and transmitting medical information. Wireless telephones are not as private as standard "wireline" telephones. Because they transmit by radio wave, phone conversations can be overheard on various electronic devices. Digital systems are more secure. (See PRC Fact Sheet 2: Wireless Communications)
Fax machines offer far less privacy than the mail. Frequently many people in an office have access to fax transmissions. Staff members at all levels of the organization should take precautions to preserve confidentiality when sending and receiving medical documents by fax machine. (See PRC Fact Sheet 12: Checklist of Responsible Information Handling Practices)
Your medical information is not confined to health care institutions. Here are some additional situations where you must be careful to protect your privacy.
https://www.privacyrights.org/fs/fs8-med.htm