How does HIPAA protect your medical information?

May 8, 2018 in Health Risk Management  •  By Miles Varn

You’ve probably signed at least a dozen HIPAA forms at the doctor’s and dentist’s office, your pharmacy, the urgent care center, and perhaps even the local hospital. But what does the information on those forms mean and how does HIPAA help protect the privacy of your medical information?

The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 primarily to help protect employees and their families from losing their health insurance if they changed or lost their job and to keep insurers from denying coverage to people with certain diseases or pre-existing conditions.

Today, the main role HIPAA plays is protecting the privacy of patients’ medical information. It requires all healthcare providers and any organizations or companies they do business with, like insurance companies and healthcare clearinghouses (such as those that digitize medical records), to develop and strictly follow procedures that protect the security of your medical information. In general, under HIPAA, your health information can’t be used for purposes that are not directly related to your care without your permission.

Your rights under HIPAA

As a healthcare consumer, the law gives you several important rights:

  • the right to see and receive a copy of your medical records and other health information
  • the right to check the information and ask the healthcare provider to change incorrect information or add information that is missing or incomplete
  • the right to know who your information has been shared with
  • the right to choose not to share certain health information
  • the right not to share information about the care you receive or the medications you take with your health insurer if you pay for the care in full out of your own pocket
  • the right to say where you want to be contacted with health information, for example, asking the doctor to call your cell phone rather than your office or home phone
  • the right to file a complaint with the Department of Health and Human Services if you believe someone has not followed HIPAA regulations

When you sign a HIPAA form, make sure you read it carefully. With most forms, you are giving your formal consent for the healthcare provider to share health information with other healthcare providers, like labs, pharmacies, and other doctors, and insurers. The law requires providers to share only the minimum necessary amount of information, not your complete medical record. You can also choose whether you want any of your health information shared with your spouse, partner, parent, child, or another person.

There are some cases in which HIPAA does not apply, including health information you share:

  • with your employer or school
  • with life insurance and workers’ compensation companies
  • through health tracking apps and activity trackers

Why it’s important to protect your medical information

Information about the conditions you face and treatments you undergo is personal and sensitive, so you don’t want details about your health shared without your permission. Medical records contain a wide range of information, including your name, address, phone number, Social Security number, emergency contact information, and more. In the hands of identity thieves, this information can be used to open bank, credit card, and loan accounts or to get identity documents such as passports and driver’s licenses.

If someone else uses your identity to receive medical care, the information in your medical record can become corrupted and include inaccurate information that affects your care. Approximately 20% of the victims of medical identity theft surveyed said they received a wrong diagnosis or that care was delayed because of confusion about the information in their compromised medical records. 

To protect your medical privacy, take these steps:

  • Check your electronic medical record and insurance claim Explanations of Benefits for accuracy on a regular basis.
  • Check your credit report for debts for medical care you did not receive and dispute these charges in writing with all three credit bureaus.
  • Protect your insurance card as carefully as you protect your credit cards.
  • Don’t share specific personal medical information online, for example on message boards or chat rooms for people diagnosed with a certain health problem.
  • If you use health or fitness apps, be sure to check whether the provider tracks the information you store, how it’s used, and whether it can be sold to a third party.


