The Health Insurance Portability and Accountability Act, more popularly called HIPAA, is the defining federal statute on health privacy. It was enacted in 1996 under President Bill Clinton, and is as of now the only national health privacy law in the US. Although two decades have lapsed from the time of the passage of this important legislation, there still persist many myths and misconceptions about HIPAA.
Although it is not possible to enumerate all the possible HIPAA myths and facts that need to be listed, a few common ones are described here:
HIPAA myths and facts 1: Patients can take healthcare providers to court for a HIPAA privacy violation.
They cannot. Fact is, even if the healthcare provider commits the worst kind of privacy violation, the affected individual may only complain to the Secretary of the Health and Human Services (HHS). Appropriate investigations and subsequent penalties, if levied, will be imposed by the HHS and will be enforced by the Department of Justice (DoJ).
HIPAA myths and facts 2: Healthcare providers are allowed to share personal health information about patients with their employers.
They are not. Employers are allowed to get access to the personal health information about patients who are their employees, but only with the consent of the patient. This cannot be done without the explicit, written consent of the employee. This written permission should contain all the necessary details about the information to be shared, such as what information is to be shared, who is sharing it, till what time the information can be shared, and so on. This permission has to be endorsed by being signed by the patient.
HIPAA myths and facts 3: The patient's family member is not allowed to pick up prescriptions and other documents related to the patient.
They are. Documents such as prescriptions, X-rays and other medical records can be picked up by the patient's family member. In fact, a pharmacist can sell the prescribed medicines to any person other than the patient.
HIPAA myths and facts 4: Healthcare providers cannot share information about the patient with the patient's family without written permission.
This is not so. When the situation warrants it, the patient's family or a close friend or associate can be given information about the patient's health condition, insurance, payments, etc. even without a formal written assent.
HIPAA myths and facts 5: Patients medical records cannot be used for marketing
This is one of the most popular myths surrounding HIPAA. Making the patient known about the details of a certain health or insurance plan is not considered marketing. In fact, this information has to be shared by the healthcare provider to help the patient take an informed decision about the health plan she wants to choose.