HIPAA allows over 4 million health related businesses and their associates to look at your health records. They are allowed to look at your records for the purposes of Treatment, Payment and Operations (TPO). TPO is so broadly written that it is hard to imagine anything that does not fall under this category.
Did you know that HIPAA also allows for some kinds of direct marketing?
Sometimes it is possible for businesses to look at and use your health records created by your doctor without explicit consent. It is legal for a company to communicate to you if the advertisement, mailer, brochure, or other communication is:
- About a drug, product or service that is covered by your plan if the communication comes from your insurer
- Related to your illness or treatment
- Involved in the management or coordination of your health care, or recommends alternative treatments, therapies, health care providers or settings of care
The Electronic Privacy Information Center (their website is an excellent resource) has a few examples of marketing allowed by HIPAA:
- A drug manufacturer can pay a doctor or a pharmacy to send refill reminders, information about specific drugs or alternative drugs to all patients that have a certain condition. The only difference between this kind of marketing and a T.V. commercial for a new drug is that this advertisement comes directly from someone you trust, your doctor or your pharmacy, even though it was designed and paid for by a drug company.
- You could receive marketing of services or products based on your personal health problems such as diabetes or HIV/AIDS. This could happen without your permission. Why? Because it is classified as case management or coordination of care.
How can we stop this? Patient Privacy Rights is working to close these marketing loopholes. We want to put the patient back in control of their own personal health information. Together we can make a difference!
Here are some easy ways for you to start protecting your privacy: