What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) began as a “portability act” to help individuals keep their health insurance coverage as they moved from one job to another. HIPAA evolved to include much more than portability. It is a complex set of rules that cover patient privacy and the use of information technology to transfer your medical records.
Your right to control the use and disclosure of your personal health information was eliminated in 2003 by regulatory changes made to HIPAA.
Effective April 14, 2003, patients were required to sign new “Privacy Forms” that gave the illusion that their records were private. (See “The Elimination of Consent” chart below for a more detailed explanation.)
What do these changes mean?
The changes mean that millions of strangers, as well as employers, can use your health records for reasons that have nothing to do with your treatment or improving your health care. In an era of Electronic Health Records (EHRs) and Personal Health Records (PHRs), the problem could get worse as your personal health information is more easily accessible. Though the promise of electronic records is great, privacy is the key to realizing the potential benefits of these new and innovative systems.
| 1996 | Congress passed HIPAA, but did not pass a federal medical privacy statute, so the Dept. of Health and Human Services (HSS) was required to develop regulations that specified patients’ rights to health privacy. | “…the Secretary of Health and Human Services shall submit to [Congress]… detailed recommendations on standards with respect to the privacy of individually identifiable health information.” |
| 2001 | President Bush implemented the HHS HIPAA “Privacy Rule” which recognized the “right of consent”. | “…a covered healthcare provider must obtain the individual’s consent, in accordance with this section, prior to using or disclosing protected health information to carry out treatment, payment or health care operations.” |
| 2002 | HHS amended the HIPAA “Privacy Rule”, eliminating the “right of consent”. | “The consent provisions… are replaced with a new provision…that provides regulatory permission for covered entities to use and disclose protected health information for treatment, payment, or health care operations.” |
Download the Elimination of Consent as a PDF file.
HIPAA – The Reality
The “Privacy Rule” Became the “Disclosure Rule”
HIPAA produced absurd results because patients were no longer asked what medical information they wanted shared and what information they wanted to be kept private. Barriers were created that patients didn’t want, and access was granted to private corporations, individuals and government agencies that patients would never have agreed to.
Even more damaging, the amendments to the “Privacy Rule” opened the nation’s sensitive health records to millions of providers, employers, government agencies, insurance companies, billing firms, transcription services, phamacy benefit managers, pharmaceutical companies, data miners, creditors and more for any “routine” use.
- You will not receive any notice of “routine” use and disclosure of your health information.
- There are no audit trails of “routine” uses and disclosures
- Access to you health record is retroactive, regardless of whether you paid out-of-pocket or were guaranteed privacy at the time. This means your health records from birth to death are available to others.