Congress passed the Health Insurance Portability and Accountability Act (HIPAA) to help ensure the protection of patients’ medical records and personal health information. The rule sets boundaries on the use and release of medical records, established safeguards to help protect the information and holds those who violate these protections accountable for wrongdoing through the use of civil and criminal penalties.
The rule is one the federal government takes seriously through prosecution of violators. This was recently highlighted in a case that led to an oncology group paying $2.3 million to the United States Department of Health and Human Services (HHS) Office for Civil Rights for a violation of HIPAA.
Does HIPAA protect patients’ privacy? Physicians and medical professionals may inadvertently violate patients’ privacy rights while still remaining well within the bounds of HIPAA. Examples can include sharing medical records with other physicians, hospitals that fail to honor a patient’s request for restrictions on access to medical records and use of the information for research purposes without prior patient consent.
What can be done to extend these protections? Two ways to extend these protections include:
- Congressional action: Congress can take additional action to expand the protections provided under HIPPA.
- State action: States can also enact additional medical privacy laws to supplement regulation under HIPPA.
Additional protections could increase a provider’s ability to provide quality care. A recent study by the Citizens’ Council notes 87 percent of patients were unwilling to disclose their entire medical record to their provider for fear of privacy violations. Additional protections could help to mitigate this fear and provide medical professionals with the information needed to better treat patients.