HIPAA Privacy Rules & Discovery of Medical Records
The HIPAA Privacy Rule took effect in 2003. It has a number of functions, one of which is to control the release of medical records. Records can only be released to certain people under certain circumstances.-
Who Must Follow the Privacy Rule?
-
"Covered entities" are those who must follow the HIPAA Privacy Rule, and they include health plans, health care providers and health care clearinghouses that process health care information.
Who Does Not Have to Follow the Privacy Rule?
-
Life insurance companies and employers, as well as most schools, law enforcement agencies and municipalities do not have to follow the HIPAA Privacy Rule.
Discovering Medical Records
-
You can obtain your own medical records under HIPAA by contacting your insurer or health care provider. You can ask for corrections to information that is incorrect in your records.
Without your authorization, your health care provider cannot give information about your health care to your employer or other persons or organizations.
Tip
-
Health care providers may share medical information with persons who have power of attorney for you, family members or friends. They may do so if you have already consented, or if you are unable to consent and the provider believes it is in your best interest and that you would not object.
Warning
-
A covered entity may disclose information protected by HIPAA when requested by a court order, but may not disclose any information not specifically requested.
-