HIPAA: Protecting your right to privacy
Hospitals and health care providers routinely use personal health information to diagnose and treat you, to obtain payment for services provided and to evaluate the quality of care that you receive. And part of caring for you is protecting your privacy-an important part of CHRISTUS Health's commitment to quality care.
New federal regulations issued in August 2002 by the U.S. Department of Health and Human Services (HHS) will give you broader protection over the privacy of your personal medical information. The regulations, which take effect in April 2003, will strengthen privacy protection without interfering with your access to quality care.
Congress first recognized the need to establish national patient privacy standards in 1996 and, in keeping with the Health Insurance Portability and Accountability Act (HIPAA) passed that year, set a three-year deadline to enact protections. Since Congress did not make that deadline, HIPAA became the driving force behind federal regulations governing privacy, security and electronic transactions standards for personal health information.
In general, most health care organizations, including hospitals, physician offices, health plans and health insurers that electronically transmit, store or otherwise handle individually identifiable or protected health information, are covered by HIPAA and are required to comply with the Privacy Rule by April 14, 2003. Currently, health providers and plans use many different electronic formats to process health claims and related health care transactions. Having a national standard will mean we will all use one format, thereby simplifying and improving transaction efficiency nationwide.
The privacy standard guarantees you access to your medical records, giving you more control over how your protected health information is used and disclosed, and providing a clear avenue of recourse if your medical privacy is compromised. It will apply to medical records and other personal health information maintained by most health care providers, hospitals, health plans and health insurers.
Under the Privacy Rule
• You must give specific authorization before entities covered by this regulation could use or disclose protected health information in most non-routine circumstances-such as releasing information to an employer. Doctors, health plans and other covered entities will be required to follow the rule's standards for the use and disclosure of personal health information.
• Covered entities, such as CHRISTUS, will generally provide you with written notice of their privacy practices and your privacy rights. The notice will contain information that could be useful to choosing a health plan, doctor or other provider. You would generally be asked to sign or otherwise acknowledge receipt of the privacy notice from direct treatment providers.
• Pharmacies, health plans and other covered entities must first obtain your authorization before sending you marketing materials. However, the rule does permit doctors, hospitals and other covered entities to communicate freely with you about treatment options and other health-related information, including disease-management programs.
You generally will be able to access your personal medical records and request changes to correct any errors. In addition, you can request an accounting of non-routine uses and disclosures of your health information.
