Medical Privacy Laws, Explained
What you need to know about HIPAA and more
Laws have been enacted to help protect your medical privacy. Here's the lowdown on two such regulations and the aspects of medical privacy they protect.
The best-known law in the area of medical privacy is the Health Insurance Portability and Accountability Act of 1996, or HIPAA. The law spells out who can access your personal information (healthcare providers, their business associates, and subcontractors such as claim processing services) and how they might use and share it.
The second key medical privacy law is the 2009 Health Information Technology for Economic and Clinical Health Act, or HITECH, which comes into play if a breach of unsecured health data occurs. When a breach take place, all affected patients must be notified. If a breach affects more than 500 people, the media and federal government must also promptly be informed.
The Challenges of Medical Privacy Law
Laws that offer medical privacy protections are good news for consumers, but they are not without problems. In some instances, doctors and other healthcare employees might be uncertain about what information—and with whom—they are legally allowed to share. So a patient’s family members may be denied crucial information about his or her treatment because of HIPAA concerns, even when there’s no legal reason to withhold it.
And in a strange twist, certain healthcare providers, worried about complying with HIPAA, have refused to let medical identity theft victims see their own health records once they’ve been fraudulently commingled with a thief’s info.
The federal government has clarified that this is not a true reading of HIPAA. Under the law, you are always entitled to see your own medical records, even if a thief's information has been introduced into them.
Editor's Note: This article also appeared in the October 2016 issue of Consumer Reports magazine.
