With all the recent news about identity theft and privacy risks, it’s important to understand how the laws protect you and help to safeguard your sensitive health information. At Iowa Radiology, we are committed to protecting your privacy while providing you with the best possible medical care, and we want to help you understand the laws that protect you.
The primary law related to patient privacy is known as “HIPAA”—the Health Insurance Portability and Accountability Act of 1996. [1] HIPAA (and a number of subsequent laws amending and enhancing it[2]) did two tremendously important things: First, the law protected people’s right to transfer or obtain health insurance for themselves and their family when leaving an employer without fear that a preexisting condition would compromise their ability to continue or regain insurance coverage. Second, HIPAA established the first comprehensive set of privacy and confidentiality standards in the newly electronic age -- industry-wide standards for distribution and protection of sensitive patient information. Unfortunately, as electronic and online technology changes so quickly, HIPAA has been amended and supplemented by other laws and policies, which can be confusing.
HIPAA means that health care providers, plans, and clearinghouses must safeguard your private health information.
HIPAA ensures that your doctors and medical providers must take precautions to make sure that your Protected Health Information (PHI) is kept private. PHI is information which identifies you specifically (by name, Social Security number, address, birth date, or other manner) and relates to your past, present or future physical or mental health or condition, the provision of health care to you, or someone’s payment for the provision of that health care.[3] HIPAA requires that providers take extra precautions to safeguard your Protected Health Information, such as using encryption systems for communications and record storage.
At Iowa Radiology, we have the most up-to-date systems in place to ensure that your PHI stays private. Our compliance officer monitors and ensures that our policies are routine practice. We have database programs that ensure our communications are securely encrypted so that we can send your images and information to your providers efficiently and securely, without vulnerability to outside access.
HIPAA protects your privacy, but it does not stand in the way of your treatment or limit your support system.
It’s important to us that your medical treatment information remains your private business. In most cases, HIPAA prohibits employers from accessing a patient's records, even if an employer-based insurer is paying for your care (whether the employer participates in an outside insurance plan or is self-insured). Generally speaking, if your employer wants access to your records, you must give your permission in writing.
Sometimes, however, sharing your PHI is essential to giving you the best patient care, customer service, and medical treatment possible. Your medical providers are permitted and encouraged to share information with each other in the course of your treatment so you receive the highest level of care. We may share certain kinds of PHI For other specific reasons, such as to obtain payment for the services we’ve provided or other business reasons. When that occurs, the minimum amount PHI necessary to accomplish the objective will be shared with the fewest possible contacts.[4] Our privacy policy sets forth the limited circumstances in which we will share your information.
With your written permission, we may disclose to a member of your family, a relative, a close friend, or any other person you identify, your Protected Health Information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, and if we determine, based on our professional judgment, that it is in your best interest, we may disclose such information as necessary to provide you the best possible care. Of course, we will always take steps to make sure any recipient of your medical information is who they say they are and that they are entitled to the information about you before sharing any protected information.
At Iowa Radiology, we will not otherwise share your Protected Health Information without your signed approval and will work diligently to keep your information secure and private. Please contact us if you have any questions or concerns about these policies.
For more information about your privacy and other health-related topics, subscribe to our blog.
Sources
[1] http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/Downloads/HIPAALaw.pdf
[2] http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/Downloads/ASCALaw.pdf
[3] http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
[4] The Department of Health and Human Services issued a bulletin with explanations and examples of common “Incidental Uses and Disclosures” in 2002, available at https://www.iowaradiology.com/patient-info/notice-of-privacy/
The information contained in the Iowa Radiology website is presented as public service information only. It is not intended to be nor is it a substitute for professional medical advice. You should always seek the advice of your physician or other qualified healthcare provider if you think you may have a medical problem before starting any new treatment, or if you have any questions regarding your medical condition.
Iowa Radiology occasionally supplies links to other web sites as a service to its readers and is not in any way responsible for information provided by other organizations.