The U.S. Department of Health and Human Services created protections for individuals’ electronically stored personal health information (PHI). These are mandatory guidelines through the Health Insurance Portability and Accountability Act (HIPAA) that include confidentiality of personal or medical (physical or mental) information. These regulations, known as the “HIPAA Privacy Rule,” address rules, contracts, and procedures used by administrators or involving medical professionals (doctors, nurses, staff). The rule of thumb is to employ appropriate safeguards when sharing any individually identifiable information with anyone who is not treating the individual.

Some information must be shared

Despite the need for privacy, medical treatment or care is not done in a vacuum. There are protocols for sharing or divulging PHI to medical administrators and others:

  • Notice: The individual must be notified if there is a disclosure of personal health information.
  • Need to inform: Some information must be accessible to friends and family, so they can visit a patient receiving treatment.
  • Consent: The individual must approve the disclosures often used for medical care payment by third parties.
  • Authorization: This addresses any PHI not covered above.
  • Business associates: For health care businesses to operate effectively, employees need to disclose information regarding clients, although authorization or consent would make this relevant.
  • Organizational requirements: There is a general umbrella that protects PHI at an organizational level.
  • Disclosure required: There are certain circumstances where health care professionals or organizational staff should disclose PHI.

These rules also enable individuals or patients to request their health information, and they can even request corrections.

Balancing privacy and treatment

There are many important uses of PHI, but there will be disagreements and misunderstandings when a patient seeks medical treatment and provides information. The above protocols are general, so it is wise for medical organizations to draft rules regarding specific privacy concerns and update them if circumstances dictate it. Health care attorneys can help draft and update these rules to ensure compliance with all necessary regulations, including HIPAA’s Privacy Rule.