What does HIPAA mean for your privacy?

What does HIPAA mean for your privacy?

by Ellen Rosner Feig, December 2009

You may have seen news stories in which a camera pans over a dumpster overflowing with unshredded medical charts. News anchors follow-up and interview patients, bringing them the very file discovered amid the trash. Hearing such horror stories is grounds for worry about the safety of your own health information, even if an annual check-up is the extent of your doctor visits.

This very issue of privacy is at the heart of HIPPA (The Health Insurance Portability and Accountability Act), which went into effect on April 14, 2003. Thanks to HIPAA, it's easier for terminally ill patients to obtain health insurance. Federal standards now exist for the availability of health insurance and the electronic transmission of patient medical information. Regulations of fraud and abuse have been strengthened. Also, charts in doorway pockets now face inward so they can't be read by people walking down the hallway.

One effect of HIPAA is that individuals now have to sign a Notice of Privacy Practices from health care providers. This notice outlines the provider's privacy policies.

Possible effects of HIPAA:

1. Give you greater ability to get health coverage if you start a new job

2. Lessen your chance of losing existing health care coverage

3. Help you maintain constant health coverage during job changes

4. Aid you in purchasing health insurance coverage on your own if you lose coverage

5. Allow patients to correct their records

6. Require patients to be informed as to how their personal information will be used

7. Require health plans/providers to document privacy procedures

8. Allow patients to file formal privacy related complaints

Specific protections under HIPAA include:

1. Protection against denial of coverage based on poor health

2. Guarantee of health insurance purchase, and renewal, to small business owners and individuals who have lost job related coverage


To protect privacy, the U.S. Department of Health and Human Services has to enact standards for e-transactions in the health care industry. This means uniform codes and forms will make billing, claim payments and information transfers easier and faster.


HIPAA also eases transfers of health insurance coverage in the following cases:

1. You move from one job with group health plan coverage to another with group health plan coverage.

2. You lose group health plan coverage, are HIPAA eligible, and wish to purchase individual health coverage

3. You have individual or other health coverage and enroll in a new group health plan.

HIPAA doesn't require your new employer to provide health coverage.


"In a matter of seconds, a person's most profoundly private information can be shared with hundreds, thousands, even millions of individuals and organizations at the same time..." -from HIPAA

So, what about regulating the effects of the information highway? Computerization of health care records creates confidentiality challenges. Computer records can be read remotely, hacked into and intercepted. E-mails can be read by anyone. Computerized medical information can be compiled, sold and manipulated.

The most important provision of HIPAA is the privacy rule. This rule covers an individual's "protected health information." This type of information includes bills, claims, prescriptions, data, lab results, medical opinions and even appointment histories. All health care providers, HMO's and health insurers must comply with this privacy rule if they electronically store health information.

However, the privacy rule was amended by Secretary of Health and Human Services Tommy Thompson with a new provision. This revised edition gives health care providers, HMOs and health insurers permission to use and disclose health information. In short, medical records can be disclosed for "routine" purposes without patient consent or notification and regardless of patient refusal. This controversial amendment has led to lawsuits by patient advocacy groups. Such groups argue the amendment undermines the original spirit of the privacy rule. The court is still out on this one, so we'll have to wait and see if the information highway will be closed to medical traffic.