| For most patients, the HIPAA paperwork is just one | | | | HIPAA, the covered entity must make an effort to |
| more thing to sign while they are in the doctor's | | | | only disclose the minimum necessary information to |
| office. Most do not take the time to read over it, | | | | the other entity. |
| and many have no idea what it is in the first place. | | | | The Privacy Rule allows individuals the right to |
| HIPAA actually stands for Health Insurance Portability | | | | request that any entity fix any information in their file |
| and Accountability Act, and was enacted by the | | | | that is inaccurate or needs to be updated. It also |
| United States Congress in 1996. There are many | | | | requires that the covered entity take reasonable |
| different titles and areas to this act, but the main | | | | steps to make sure that the confidentiality of the |
| one that concerns patients today is the Privacy Rule. | | | | medical records and the communications with the |
| The Privacy Rule went into effect on April 14, 2003. | | | | patients are kept confidential. This means that a |
| This rule establishes the regulations for the use and | | | | patient can request that the doctor's office only |
| the disclosure of protected health information about | | | | phone them at home or on their cell phone numbers |
| a patient. This includes health status, payments for | | | | and not at work. |
| health care, and the provision of health care that | | | | This rule also requires that covered entities ensure |
| they receive. This is normally interpreted pretty | | | | that patients are notified of their rights under the |
| broadly, and normally includes any part of a patient's | | | | HIPAA laws. These entities also have to have a |
| medical records and payment history. | | | | signed disclosure in a medical file for each patient, and |
| There are different entities that can request the | | | | has to ensure that the patient has received a copy |
| information that is kept in a medical record. Those | | | | of their rights and the regulations. The medical office |
| covered entities, or doctor's offices, that receive the | | | | must also appoint a Privacy Official and a contact |
| request the information in a person's medical record | | | | person for patients that are responsible for receiving |
| and the information must be provided normally within | | | | complaints. If a patient believes that their information |
| 30 days. These entities must also fully cooperate | | | | has been allowed to be viewed without their |
| with law enforcement in cases of child abuse and | | | | knowledge, they can file a complaint with the |
| other areas. Some of the areas that the entity may | | | | Department of Human Services office for Civil Rights. |
| be asked to disclose include payment, health care | | | | For patients who would like to find out more about |
| operations, and other information so that another | | | | their HIPAA rights, they can check with their doctor's |
| entity can facilitate treatment. But, according to | | | | office for a copy. |