The Health Insurance Portability Accountability Act

The HIPAA or Health Insurance Portability Accountability Act was passed by Congress in 1996. It is intended to protect patients' medical records and any other information pertaining to their health and well-being.

For the purposes of the HIPAA, the records are referred to as “Protected Health Information” and there are a raft of policies and rules regarding how they are stored, used and transmitted. The information can be anything from doctors' notes, test results, lab results, billing information or health insurance documents to any email transmission of such documents.

Despite this law being in place for almost 15 years, there is still much confusion about what it means, who it covers and what to do about it. This has led to an almost paranoid attitude towards patient records, with providers fearing that they would be sued for letting any of it get loose. This has managed to slow down and stifle the transfer of medical information between organizations, which isn’t ideal in any situation.

HIPAA email rules form part of the overall legislation and specifically cover electronic mail transmission and storage of HIPAA information. It’s also part of the confidentiality scheme that includes transmission and storage of emails, as well as paper records. Emails must be sent encrypted, stored securely and be readily retrievable if necessary.

Patients are also surprised when they realize who can see their records. In fact, anyone who has any dealings with medical bills, insurance and healthcare can access the records, including employers, insurance companies and the government if Medicare or Medicaid is involved.

Patients know if their doctor complies with HIPAA as they will be given a copy of the doctor’s notice of privacy policy. This policy should outline what information the doctor retains, what is shared and with whom. It will also list how a patient’s private health information might be disclosed without permission and how other disclosures can only be made with consent. Patients are asked to sign this policy, but it doesn’t mean the patient is signing away any rights, just that they acknowledge they have been shown the policy.

In some aspects the HIPAA works quite well. It protects patient information quite effectively, yet stays out of the way during practical problems, like if a patient needs a relative to collect a prescription, or when a school needs to access a child’s vaccination records. It does create quite an overhead for doctors, hospitals and insurance companies though, as there is a lot more to administer.

The way email is used, records are kept, and information is stored and shared is now completely different, and takes a lot more looking after. Email has to be encrypted, protected on computers, stored securely and quickly retrievable. This means not only new systems to facilitate this, but also people to run them and training so that staff can use them.

Overall the HIPAA is good news for patients. It goes a long way to protecting confidentiality. As always, the legislation isn’t perfect and causes as many problems as it solves. It takes a considerable amount of effort to comply with and is overly complicated.