HIPAA Regulations Protect Patients
By John Collett
In 1996, Congress passed federal legislation addressing some significant
areas of concern in the national health-care system. This legislation, the
Health Insurance Portability and Accountability Act (HIPAA), enhances patient
protection in two realms: insurance coverage and patient privacy.
The health insurance portability portion of the legislation, which went into
effect in 1996, protects individuals who are changing employment by limiting
the extent to which insurance companies can exclude coverage for pre-existing
conditions. If you move to a new health insurance plan within 63 days of
termination of your previous coverage and you have had continuous coverage for
12 months, the new plan cannot invoke a pre-existing-condition exclusion. As
you change jobs, you should keep coverage of some kind, whether under COBRA or
an individual plan, to maintain the 12 months of coverage.
The accountability portion of HIPAA provides comprehensive federal
guidelines for protecting a patient's fundamental right to privacy and
confidentiality. The guidelines address how health-care providers, health
insurance companies, and health-care billing services may use and disclose
medical information relating to their patients. Through the implementation of
these guidelines, HIPAA effectively eliminates inappropriate access to personal
health-care information. Historically, entities such as lending institutions, marketing companies, and employers have sought confidential
patient information for business decisions related to credit and loans,
targeted mass marketing, hiring decisions, and other inappropriate uses. The
new regulations put an end to those abuses of the system.
Under HIPAA, personal health-care information can only be released with
specific written authorization from the patient involved. For example, if a
drug company is looking to contact patients with a particular medical problem,
the health-care provider must obtain specific written permission from the
patient to release information to that drug company. The same applies to banks,
attorneys, potential employers, and the like.
Protecting patient privacy The HIPAA regulations cover the ways in which
health-care providers, health insurance companies, and health-care billing
services can use and disclose information for treatment, payment, and
In order to provide treatment, for example, your medical center may disclose
to an orthopedic surgeon, who is treating your broken leg, that you have diabetes
because diabetes can slow the healing process. The surgeon may need to share
that information with a dietitian, so that you can be served a proper diet
while at the medical center, and so forth.
Your medical center may disclose medical information about services provided
to you at the medical center in order to bill your insurance company or a third
party and collect payment. Some health plans require prior approval for certain
types of treatment or surgery, which is another instance in which your doctor
or medical center may share information with your insurance company.
Your medical center may also use medical information about patients to
review its treatment and services and to evaluate the performance of its staff
in caring for you. The hospital might combine medical information about several
hospital patients in the aggregate, so as to decide what additional services
the hospital should offer and whether certain new treatments are effective.
In addition, HIPAA covers a number of special situations in which your
medical information might be shared. If you are an organ donor, for example,
your medical center may release that information to organizations that
coordinate organ procurement. Medical information that is defined under public
health laws is carefully spelled out in the new regulations, as are the
circumstances under which information can be released to law enforcement
HIPAA provides increased personal access. Not only does HIPAA provide
greater protection of personal health-care information, but the law also gives
patients more access to their own medical records. You have the right to
receive and inspect a copy of medical information that may be used to make
decisions about your care. If you feel that medical information is incorrect or
incomplete, you may ask to have the information amended. You also have the
right to request a limit on the medical information that is disclosed about you
to someone who is involved in your care or the payment for your care, like a
family member or friend.
For more detailed information about HIPAA's privacy rules contact Cayuga Medical
Center directly or go the
Cayuga Medical Center Web site at cayugamed.org.
John Collett is an assistant vice
president at Cayuga
and serves as the medical center's compliance officer.