Note: The DearEsq free 'ask a lawyer' site is offered as a free informational service to the public and is not intended as legal advice. Laws vary from state-to-state, and in addition every situation is unique, and relevant facts may not be known. The answer to the question posed below may not apply to in your state or to your situation. For legal advice in your state and your situation you should consult with an attorney in your state who is familiar with the rules and laws in your state.
HIPPA law? HIPPO law? HEPPA law? Which one is right? None of them, as it turns out, it’s actually “HIPAA”, and it stands for the “Health Insurance Portability and Accountability Act” (of 1996). But it’s still called HIPPA law, as often as not.
HIPAA is intended, the law tells us, “to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.”
While it may be intended to simply the administration of health insurance, any medical practitioner or administrator, or their lawyer, will tell you that it has horribly complicated things.
Even just the titles of the sections of the HIPAA law sound daunting. “Standards for information transactions and data elements.” “General penalty for failure to comply with requirements and standards.” “Wrongful disclosure of individually identifiable health information.” And it’s every bit as complicated as it sounds.
The bottom line, however, is that HIPPA was intended to protect patients, and to do so in four main ways: to ensure health insurance portability (hence the name, the “Health Insurance Portability and Accountability Act”), to address fraud and abuse in healthcare, to ensure privacy and security of individuals’ health and medical information, and to standardize the handling of that information and to enforce those standards.
Medical consumers should know their basic rights under HIPAA. They include that one’s medical information cannot, without permission, be shared with one’s employer or be used for advertising or marketing. Also, private notes about one’s mental health counseling sessions cannot be shared with out permission.
On the other hand, HIPAA expressly allows that one’s medical information can be used and shared for the following:
To facilitate and coordinate treatment and care.
To pay doctors and hospitals for your health care.
To provide information to your family, relatives, or friends who are involved with either your health care, or your health care bills (unless you object).
To make sure that doctors give good care.
To make sure that nursing home are clean and safe.
To protect the public health; and
To make required reports to the police, such as reporting a wound from a weapon.
While this may seem like a long list of people to whom, and circumstances under which, your private medical information may be disclosed, remember that it is the exception and not the rule. Nearly all other scenarios require your health care professionals to keep your medical information private, and if they don’t, they may have violated the HIPAA law.