Protected Health Information, or PHI, is basically all the personal information patients share with their doctors or medical examiners. It includes information about the patient’s health status, healthcare coverage plans, payments made or received, etc.
Medical organizations will make you sign a consent form as a standard procedure when you visit them. Now, you might wonder if your health records and private information are secure or not.
Some hospitals also make their patients sign consent forms containing points that prevent them from filing malpractice suits if needed. They might even add meaningless points that prevent patients from talking about their doctors on the internet. Clearly, these points are meant to protect the doctors more than the patients.
Sometimes the receptionists at some hospitals will insist on getting the forms signed first. They might not even let you meet the doctor unless you sign the form first. It is important for you to know that such practices are in violation of the new HIPAA rules and that it is not mandatory for patients to sign the forms.
HIPAA rules are the guidelines for medical practitioners about how they should maintain the privacy of patient PHI records, and also about the clauses on sharing the PHI with the concerned third parties, like the healthcare insurance providers.
Simply refusing to sign the acknowledgement might not be the solution. However, you will need to read the clauses or terms carefully before signing the form. If you see points that you do not agree with, then you need not check those points.
Before HIPAA rules
Before the rules became mandatory for medical institutions and doctors, they had the right to share the PHI with just about anyone. This means that the PHI records could land anywhere and the patients couldn’t do a thing about it.
HIPAA rules allow for better transparency about how the PHI can be shared with insurance companies or other concerned parties. Most of the terms that people found to be objectionable were removed from the forms.
What patients should know about the information they give to their doctors
After signing the consent forms, you can ask for a copy of the acknowledgement which you can keep. The notice forms should be made available for you, even if you change your doctor or the insurance company.
The health plan providers might make changes to their policies, but they should send the notice to the covered individuals. You can also visit the website of your insurance carrier and request that the notice be sent to you.
Business Associate Agreement
HIPAA places the focus on medical institutions for protecting the privacy of patient data. As a covered entity, the Business Associate Agreement that you sign with the doctors will make them responsible for protecting your confidentiality and privacy.
Therefore, the hospitals should be proactive and adopt secure ways for storing and sharing PHI.
Finally, medical or health privacy is indeed an intricate subject, and unfortunately not all organizations care whether you are aware of, or exercise, your privacy rights. So remember that when it comes to your privacy, there’s no such thing as being too careful.
For a more detailed look at the factors to be considered in order to be HIPAA compliant, download our whitepaper Securely Gathering Patient Data.