Medical records contain extremely personal information – anything from weight and age, to chronic medical conditions that some might find embarrassing if widely known (for example, minor skin rashes) to serious health issues that might impact someone’s ability to find and keep a job, or to be accepted in various social situations where stigmas regarding certain medical conditions or illnesses still exist. There are many, many good reasons for an individual’s medical records to be protected as private information.
Correspondingly, from a personal injury advocate’s point of view, the sanctity and security of medical records need the utmost protection because it is only through the veracity of these health care records that justice can be determined in many situations: not only in the determination of long term health care needs in assessing damages claims and settlement amounts in injury cases (especially those involving TBIs, spinal cord injuries, and other debilitating conditions) but also in the investigation of proximate cause of injuries in situations involving doctor error, medical malpractice, drug injuries, and other medical harms.
HIPAA Protects Patient Privacy
One protection provided to medical records and their confidentiality has been the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Under HIPAA, federal law protects the confidentiality of a patient’s personal health information as it has been recorded by various health care providers (hospitals, doctors, clinics, labs, etc.) and the law also gives patients specific rights to access that health information. As written, HIPPA allows disclosure of your personal health information when it is needed to assist in your current medical care needs as well as other important uses (like investigating whether or not improper treatment was provided).
Now, the federal government has acted to create another rule to protect privacy in patient files: the Department of Health and Human Services has announced a new rule to work under the umbrella of HIPPA: the “final omnibus rule.”
“Much has changed in health care since HIPAA was enacted over fifteen years ago,” said HHS Secretary Kathleen Sebelius. “The new rule will help protect patient privacy and safeguard patients’ health information in an ever expanding digital age.”
According to the HHS Release announcing the new rule, these changes will patch holes discovered in the past, especially revelations of patient health information that have come through “business associates” of health care providers and health insurance claims processing companies.
Additionally, patients are now going to be able to request and receive electronic versions of their medical records (i.e., get them by email from their doctor, etc.).
“This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented,” said HHS Office for Civil Rights Director Leon Rodriguez. “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”