Patients may have more rights over their health records than you realize.
Under today’s privacy rules, consent entails far more than a “check-the-box” exercise as in the past.
In a public awareness effort, the feds recently released information to educate the public so people can make choices based on personal preferences.
Here are some of the key points to keep in mind:
- Patients are permitted to see, or get an electronic or paper copy, of their medical record and other health information a doctor has about them. Generally patients should expect to have copies of their records within 30 days of a request, and they may be charged a reasonable fee, based on allowable calculations.
- Patients may ask their doctor to correct health information they believe is incorrect or incomplete. The doctor may say no, but should offer a written explanation of why within 60 days.
- Patients may ask for a list of the times their health information has been shared, who received it and why, going back six years
If a patient pays out-of-pocket in full for a service or health care item, the patient can ask a doctor not to share that information with the patient’s health insurer. The doctor should say yes unless a law requires the sharing of certain information.
In addition, a patient can ask to be contacted in a specific way, such as at an office phone or at a different mailing address. In its Guide to Privacy and Security of Electronic Health Information, the feds tell health care providers they “must accommodate reasonable requests” from patients. For example, a patient may request that appointment reminders be left on their work voicemail rather than home phone voicemail.
For those who prefer email communications, healthcare providers may send unencrypted emails. However, the patient should consent to unsecured emails based on an understanding of the risks.
There are certain things that HIPAA does not do, and these limitations should be understood as well, as detailed in a federally produced Fact Sheet titled Medical Privacy of Protected Health Information.
For example, the Fact Sheet points out that healthcare providers can share protected health information, without a patient’s permission, with:
- Other professionals who are treating that individual;
- Health plans and other entities for billing and payment purposes;
- Certain public health and safety officials, for situations such as disease prevention, product recalls, suspected abuse, neglect or domestic violence.