Patient Privacy Rights

About HIPAA Summit Media Contact DONATE

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) began as a “portability act” to help individuals keep their health insurance coverage as they moved from one job to another.  HIPAA evolved to include much more than portability.  It is a complex set of rules that cover patient privacy and the use of information technology to transfer your medical records.

Your right to control the use and disclosure of your personal health information was eliminated in 2003 by regulatory changes made to HIPAA. 

Effective April 14, 2003, patients were required to sign new "Privacy Forms" that gave the illusion that their records were private. (See "The Elimination of Consent" chart below for a more detailed explanation.)

What do these changes mean?

The changes mean that millions of strangers, as well as employers, can use your health records for reasons that have nothing to do with your treatment or improving your health care.  In an era of Electronic Health Records (EHRs) and Personal Health Records (PHRs), the problem could get worse as your personal health information is more easily accessible. Though the promise of electronic records is great, privacy is the key to realizing the potential benefits of these new and innovative systems.

The Elimination of Consent

1996 Congress passed HIPAA, but did not pass a federal medical privacy statute, so the Dept. of Health and Human Services (HSS) was required to develop regulations that specified patients' rights to health privacy. "...the Secretary of Health and Human Services shall submit to [Congress]... detailed recommendations on standards with respect to the privacy of individually identifiable health information."
2001 President Bush implemented the HHS HIPAA "Privacy Rule" which recognized the "right of consent". "...a covered healthcare provider must obtain the individual's consent, in accordance with this section, prior to using or disclosing protected health information to carry out treatment, payment or health care operations."
2002 HHS amended the HIPAA "Privacy Rule", eliminating the "right of consent". "The consent provisions... are replaced with a new provision...that provides regulatory permission for covered entities to use and disclose protected health information for treatment, payment, or health care operations."

Download the Elimination of Consent as a PDF file.

HIPAA - The Reality

The "Privacy Rule" Became the "Disclosure Rule"
HIPAA produced absurd results because patients were no longer asked what medical information they wanted shared and what information they wanted to be kept private. Barriers were created that patients didn't want, and access was granted to private corporations, individuals and government agencies that patients would never have agreed to.

Even more damaging, the amendments to the "Privacy Rule" opened the nation's sensitive health records to millions of providers, employers, government agencies, insurance companies, billing firms, transcription services, phamacy benefit managers, pharmaceutical companies, data miners, creditors and more for any "routine" use.

Click here for more HIPAA Related FAQs.