HIPAA: Risk of Medical Disclosure

The Facts

• The Health Insurance Portability and Accountability Act was passed in 1996 to allay growing concerns that medical information was being disclosed when medical records were transferred. HIPAA was amended in 2003 to include a privacy rule that explicitly addressed electronic access of medical files. You are protected from your medical information being disclosed without your consent in most situations.

Significance

• Medical disclosure to unauthorized persons can compromise not only your privacy but also other aspects of your personal life. For example, if a company you interviewed with had access to your medical records, that could influence a hiring decision even though it is illegal to deny employment because of a medical condition.

Exception

• A major exception to protection from disclosure is made in the course of treatment and payment for services. This process, called TPO, means your records can be given to any physician who treats you. You consent to this by consenting to treatment from the physician.

Warning

• Law enforcement may access your records without consent. However, to protect you from unlawful searches, a warrant must be issued before a law enforcement official is allowed to access the records.

Considerations

• Records of access to your medical records is required by HIPAA. You can see who has accessed the records for up to six years after the access was granted. Checks made in the process of TPO are not recorded on this account.