As your parent’s advocate, with HIPAA you have the right to obtain records.
[Part 1 of 2]
Managing your own health care, much less a parent’s care, can quickly become complicated as health problems arise. When we’re young and healthy, an annual physical checkup, a few screening tests, a dental cleaning, and an eye exam are easy to manage over a year. But as I recently experienced, a simple dental problem mushroomed into multiple procedures by specialists in different practices, various prescriptions, and side effects that also had to be addressed. Unexpectedly, my paper file of appointments, prescriptions, symptoms and side effects, instructions, and payments became a fat folder.
And what happens when life gets more demanding and an elderly parent develops numerous health problems and sees many different care providers? How do we keep up with all the details? How do we ensure that anyone caring for that parent knows the bigger picture and has all the necessary information on the patient’s condition, treatment, and medications?
In the past a distressing number of patient deaths were attributed to incomplete or incorrect information about the patient. The industry does a better job avoiding mistakes nowadays, thanks in part to electronic health records that, for example, can check for drug interactions and alert doctors, nurses, and pharmacists to contraindications. But one provider’s information may not always travel with the patient to another healthcare provider. And the patient’s family may not have complete information either. Although healthcare providers are the professionals directly responsible for patient care, we know that the best outcomes are where family is involved and informed. When patients cannot advocate for themselves, a family member is irreplaceable.
In addition to knowing everything you can about your parent’s health to be supportive and to ensure the best care, sometimes your knowledge of the details can be critical to your parent’s treatment and outcome. For example, your parent may forget to tell a healthcare provider every supplement he or she is taking, and one supplement may interact with a prescription to weaken or change the drug’s effect on your parent. It is important that that supplement be documented in the patient’s record for anyone involved in the patient’s care.
The Health Insurance Portability and Accountability Act (HIPAA)
Congress passed this sweeping law in 1996. One goal was to push the healthcare industry to modernize and save money by moving away from paper records and to electronic systems. Further, those electronic systems should be able to easily communicate by using standardized transactions such as claims sent by providers to health insurers for payment.
Wisely, Congress recognized that shifting to electronic systems increases the security and privacy risks to patient data in electronic form. Now, instead of a single, physical paper record in a doctor’s office, electronic records can be simultaneously accessed through computers from anywhere in the world. This has clear advantages for patient care, but the industry must take strong measures to protect electronic systems in ways never imagined in the days of paper records. Hence, Congress directed the US Department of Health and Human Services (HHS) to write and enforce security and privacy regulations demanded by HIPAA.
In 2001 HHS published the HIPAA privacy rule. The people who wrote this set of regulations or requirements for the healthcare industry expected that healthcare providers – including not only hospitals, but also nursing facilities, out-patient offices (such as medical, surgical, dental, mental health, and physical therapy), and pharmacies – will keep accurate and complete records of patient care. Providers are required to have formal record-keeping procedures in order to be credentialed and to receive payment for services and products.
The HIPAA privacy rule tells healthcare providers and health insurers how they must protect patient information (called Protected Health Information or PHI) from misuse. And the rule tells them – and us, the healthcare consumers – what rights we have regarding the privacy of that information. These rights reflect commonly accepted privacy rights in the Western world today. They are summarized in the HIPAA privacy notice you receive when to go to a new provider and can read on every healthcare provider and payer’s website.
Among the HIPAA privacy rights is the right to access information about ourselves, or those we represent, such as a parent. To be the best advocates for ourselves, our parents, and our children, it is valuable to understand the details contained in this right.
The HIPAA privacy rule and the right of access includes the following:
Note that hospitals and medical centers typically have “portals” or websites where patients can log on and access information such as their appointments and lab test results. While patients may find this the most relevant information, be aware that portals do not include all the information patients are entitled to view and have copied.
In Part 2, You will learn how to take advantage of this right, as well as some choices and challenges you may face.
Note: HHS provides an explanation of the right to access and guidance regarding charging fees for copies (scroll down on the page) at: Health Information Privacy
With thanks to contributor, Kate Borten, CISSP, CISM, HCISPP, President, the Marblehead Group.
Kate is passionate about teaching people what constitute good security and privacy practices and why they’re relevant and valuable.
Kate worked in healthcare IT for many years before she was tapped to lead Massachusetts General Hospital’s first information security program. Then along came HIPAA, shining a light on security and privacy issues and solutions in the industry. In 1999 Kate formed The Marblehead Group, a security and privacy consultancy focused mainly on helping organizations protect patient information.
Disclaimer: The material in this blog is for educational purposes only. It is not intended to replace, nor does it replace, consulting with a physician, lawyer, accountant, financial planner or other qualified professional.