HIPAA 101

A simple question doesn’t always have a simple answer. “Why did my friend go to the hospital?” seems to be a simple question, but the answer is blocked by a federal law. While most think of the law as the protector of medical records, privacy isn’t even in its name.

We call it HIPAA (pronounced HIP-pah), but the Health Insurance Portability and Accountability Act of 1996 also has been known as the Kassebaum-Kennedy Act or Kennedy-Kassebaum Act. Sen. Nancy Landon Kassebaum, R-Kan., was a leading sponsor of the bill, along with Sen. Edward Kennedy, D-Mass.

The official explanation is: “An Act To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.”

The main intent was that the health industry would save money by computerizing paper records. That led to concerns over privacy, which led to new privacy regulations.

Protected Health Information

Protected Health Information, called PHI, is any information about a person’s health status, any health services provided to the person and any payment specifics about those services. Details of your medical record may not be shared without your consent. That’s one reason there are so many forms to sign at the doctor’s office nowadays, they must have your consent to process your visit for billing, insurance purposes, etc.

That is also why it is so difficult to obtain information about friends in the hospital. Their condition, the reason they are in the hospital, even their names, are considered part of their medical record and subject to strict HIPAA regulations. Violations result in expensive fines, and health care workers are required to receive training on how to keep all medical information safe.

Here are some key privacy points:

  • When your health information is shared, only the minimum necessary should be disclosed.
  • Health information is to be used only for health purposes. Without your consent, it can’t be used to help banks decide whether to give you a loan or by potential employers to decide whether to give you a job.
  • If someone wants to share your health information, you have to give your formal consent.
  • You can ask for copies of all this information and make appropriate changes to it. You can also ask for a history of any unusual disclosures.
  • Your health care provider and insurance company must explain how they’ll use and disclose health information. (Information from WebMD.)

Retirement community regulations

Retirement communities that provide state-licensed services, such as assisted living and health care, must abide by the strict privacy regulations. Presbyterian Manors of Mid-America employees receive training and updates regularly. Vendors are also trained to ensure resident privacy is maintained.

PMMA employees know they are not to chat about residents in the hallways – or anywhere – because that violates their privacy protections.

The privacy laws are why health care staff can’t talk to other residents about the people in their care. It’s not that they are being unhelpful or that they don’t care about your feelings. They are required to keep the information confidential.

Another key component of the privacy rules that affect health care residents is that the “information” may not be linked to an individual. In the rules, “information” includes photos of faces. That’s why we ask residents to sign consent forms when we take pictures for our newsletters, web sites and other marketing purposes.

Family concerns

Information from AARP explains that health care staff can discuss conditions and treatments with family members, but you must give written permission for your loved ones to see your official medical records. It’s a good idea for older adults to have their adult children sign a letter or form designating them as a personal representative in case the need arises. This will give the health care providers the coverage they require to avoid HIPAA violations, according to AARP.