A consumer's understanding of HIPAA is generally that it is there to protect their medical information from falling into the wrong hands, or being used in ways which they didn't authorize.
Information is a commodity, especially the kind of information contained in medical records. There are many people who could benefit from accessing that kind of data, for good or for ill. Insurance companies, employers, drug companies and many others would pay dearly for the kind of information held on each individual. Inevitably the information would probably be used against people, not for them, which is why it is important to control access to it.
Many organizations are covered under HIPAA, but many are not, which is why it is important to know the difference between them. The entities that are covered are generally any organization involved in health plans. This ranges from health insurance companies to Medicare or Medicaid. The health care providers themselves are of course subject to the act: entities like doctors, dentists, clinics, hospitals, psychiatrists and nursing homes.
The lesser-known entities covered under HIPAA are the health care clearinghouses. These are the middlemen in most medical transactions. They manage the billing between a doctor or hospital and the insurance company. The consumer doesn't see this element of the system, but it is an important part of it.
Something to bear in mind here is that free clinics and doctors aren't necessarily covered under this act, because there is no payment involved. Billing, and electronic billing, is a large part of who is or isn't covered under HIPAA. In the same vein, a school or a first aid room at an employer's isn't necessarily covered either, although the school at least is covered under another privacy act, FERPA.
The easiest way to initially tell who is covered by HIPAA is if they bill a health plan or insurance company. If they do, then there is a good chance that they are covered. If they do not, then it is definitely worth checking their privacy policy.
It is as important for consumers to know who isn't covered under HIPAA as who is. Some of the entities not covered will surprise people. Examples are life insurers, law enforcement agencies, most state agencies or council offices, schools and colleges, and employers. Although they are not subject to this particular law, they are all subject to other privacy laws. In the case of schools and FERPA, a more stringent law protects this information.
How is the information protected? Each organization covered under HIPAA must have clear systems and guidelines in place to safeguard any stored information and limit access to this information as much as possible, while not limiting the healthcare provided. Entities must also have robust training for staff who handle medical records, and have stringent contracts in place for any third-party agencies they may use, to cover their handling of protected information.
Medical records obviously have to be shared in the case of a patient needing care, and this is allowed under HIPAA. A patient needing medical attention of any kind is a legitimate reason for accessing records, as is passing relevant information to the police or federal authorities if it is pertinent, as in gunshot incidents.
Without written authorization a patient's medical records cannot be used in many other situations. This is how HIPAA protects consumers.