Vijai P. Sharma, Ph.D
In response to my previous article on the privacy laws for medical records some readers said, "I had no idea!" Yes, insurance companies sent out notices regarding their privacy policies, but the notices were written in stilted, legalistic language and difficult to understand.
I am "inspired" to provide this information to you in English! Fortunately, to make my job a little easier, in my hand is a privacy notice issued by an insurance company, which unlike other companies wants its subscribers to really understand the limits of privacy. Whew! I am wiping the sweat from my brow. So, without further ado, let me draw attention to some of the problematic issues.
The notice of privacy practice informs you how your particular insurance company and its "subsidiaries" may share your "Protected Health Information (PHI)" with others in order to carry out treatment, payment, healthcare operations, and for "other purposes" permitted by law.
Mark the word "subsidiaries." These subsidiaries may constitute a huge list and may at best have a far- fetched relationship with your treatment. Ordinarily, you wouldn't ever find out about all the subsidiaries of your insurance company.
The term, "Protected Health Information" is interesting. The fact is that it might be protecting the insurance companies, all the subsidiaries, and the government more than it does you.
And what about using and disclosing your protected health information about "other purposes?" You would think that the use of your health information should be entirely and exclusively for the purpose of treatment and making payment for the treatment! What could possibly be the other purposes our Government has in mind? That's where 600,000 covered entities come into the play.
Read the word "covered" as "protected." These entities are protected by law when they get hold of your information.
Insurances companies do not require your permission to disclose your "Protected Health Information" (PHI) for payment, operational purposes, public health reasons, auditing and research. All of these so-called purposes, functions and reasons have the potential of growing into giant mushrooms.
For example, "operational purposes" could be for the purposes of insurance underwriting and premium rating purposes. Such an operational purpose has nothing to do with reaching a correct diagnosis or finding the most effective treatment for your problem, but it has everything to do with making money for corporations that are engaged in the health business.
Insurance companies may also disclose your PHI to the plan sponsor. If you are in a group health plan, your plan sponsor is usually your employer.
In fairness and to avoid a false alarm, know that many companies have an "Employee Assistance Program (EAP)," which may have a different set of rules and regulations. It may not fall under the Health Insurance Portability and Accountability Act (HIPAA). If you are utilizing your EAP, please check with your employer.
Insurance companies may disclose your PHI to a health oversight agency, court or administrative agency for lawfully authorized activities pertaining to civil, administrative and criminal procedures.
The may also disclose your PHI when asked by a law enforcement official for the purpose of locating or identifying a suspect, victim or a material witness or for assisting legal procedures.
Insurance companies may also release or disclose your PHI to federal officials or for intelligence and national security activities authorized by law.
If you are a member of the military, insurance firms can release or disclose your information to military authorities.
It is important to learn the difference between a "release" and a "disclosure." Release is voluntary, and disclosure is mandatory. You voluntarily give your permission to your treating professional, clinic or hospital to release your PHI to specific professionals or agencies. A disclosure is that which is required by law. Your treating professional, clinic or hospital is obligated to disclose the PHI to the agency as required by law. A disclosure does not require your permission.
Keep in mind that when you sign an authorization to release your PHI to a professional, you are signing to release the information to all the covered entities. However, you can instruct your treating professional to not release your information to specific individuals or agencies. But, you must give your instructions in writing and specify those individuals or agencies you don't want to have access to your information. This way, you can protect your health information to some extent.
On the positive side, you can inspect your records and if you don't agree with a particular piece of information about you, you can make a request for such an amendment in writing. Your treating professional, however, reserves the right to accept or deny your request.
Return to Self Help
Copyright 2003, Mind Publications
Posted May 2003
Dr. Vijai Sharma
Your Life Coach
By Telephone