Know Patients’ Privacy Rights

Patients may have more rights over their health records than you realize.

Under today’s privacy rules, consent entails far more than a “check-the-box” exercise as in the past.

In a public awareness effort, the feds recently released information to educate the public so people can make choices based on personal preferences.

Here are some of the key points to keep in mind:

  • Patients are permitted to see, or get an electronic or paper copy, of their medical record and other health information a doctor has about them. Generally patients should expect to have copies of their records within 30 days of a request, and they may be charged a reasonable fee, based on allowable calculations.
  • Patients may ask their doctor to correct health information they believe is incorrect or incomplete. The doctor may say no, but should offer a written explanation of why within 60 days.
  • Patients may ask for a list of the times their health information has been shared, who received it and why, going back six years

    • If a patient pays out-of-pocket in full for a service or health care item, the patient can ask a doctor not to share that information with the patient’s health insurer. The doctor should say yes unless a law requires the sharing of certain information.

In addition, a patient can ask to be contacted in a specific way, such as at an office phone or at a different mailing address. In its Guide to Privacy and Security of Electronic Health Information, the feds tell health care providers they “must accommodate reasonable requests” from patients. For example, a patient may request that appointment reminders be left on their work voicemail rather than home phone voicemail.

For those who prefer email communications, healthcare providers may send unencrypted emails. However, the patient should consent to unsecured emails based on an understanding of the risks.

There are certain things that HIPAA does not do, and these limitations should be understood as well, as detailed in a federally produced Fact Sheet titled Medical Privacy of Protected Health Information.

For example, the Fact Sheet points out that healthcare providers can share protected health information, without a patient’s permission, with:

  • Other professionals who are treating that individual;
  • Health plans and other entities for billing and payment purposes;
  • Certain public health and safety officials, for situations such as disease prevention, product recalls, suspected abuse, neglect or domestic violence.

Upcoming Webinars

[add_eventon_list hide_month_headers="no" hide_empty_months="yes" event_order="ASC" number_of_months="3" ]

New Social Media Course

November 10, 2023 No Comments

MyHIPAA Guide is offering a new social media course that will help you protect your organization from potential privacy violations that result from social media

Read More »

Upcoming Events

10 Steps to Compliance

MyHIPAA Guide helps HIPAA-covered organizations understand what they need to do on a daily basis. Subscribers gain access to a comprehensive, human-centered HIPAA program.

CALL US TODAY:  (234) 281-4310

MyHIPAA Guide

Product

Discover

DISCLAIMER: MyHIPAA Guide content, including newsletters, is for informational purposes only. MyHIPAA Guide is not intended as legal advice or as a recommendation for a provider’s specific circumstances, and it is not intended as an exhaustive or definitive source on protecting health information from privacy and security risks. Providers and professionals seeking expert advice should consult an attorney and/or a risk assessment professional.

NOTICE TO READERS: We will do our best to report updates on HIPAA rules as quickly as possible following public notifications. In submitting questions or comments to MyHIPAAGuide.com, NEVER SEND THE PROTECTED HEALTH INFORMATION OF A PATIENT.

Copyright © by M.E.D. Media Mart LLC - Published by M.E.D. Media Mart LLC.