Benefit and insurance issues important to you - brought to you by the insurance specialists at: BB&T Insurance Services of California, Inc.

HIPAA Basics: Your right to privacy

In April 2003, the final regulations that place restrictions on how personally identifiable health information may be used and disclosed by certain organizations became effective.

These regulations (the Privacy Rules) implement the privacy requirements contained within the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

While some states have laws that protect health information, the HIPAA Privacy Rules establish a uniform, minimum level of privacy protections for all health information.

In summary, the HIPAA Privacy Rules:

• Set limits on how health information may be used and disclosed;

• Require that individuals be told how their health information will be used and disclosed;

• Provide individuals with a right to access, amend or copy their medical records;

• Give individuals a right to receive an accounting of disclosures, to request special restrictions, and to receive confidential communications; and

• Impose fines where the requirements contained within the regulations are not met.

Restrictions on Use & Disclosure

The rules allow health care providers, health plans, and health care clearinghouses (Covered Entities) to use and disclose your personally identifiable health information for purposes of treatment, payment, or health care operations.

For example, your health care provider may submit your health information to a health insurance company in order to seek payment for the treatment provided to you. Your primary care physician can share your health information with a specialist that he or she recommends you consult. In these cases, your written permission to disclose your health information is not required.

In general, any use or disclosure not considered treatment, payment, or a health care operation requires your written authorization, unless an exception applies. For example, your physician may not share your health information with your employer or a life insurance carrier without your written permission.

However, disclosure of health information is permitted for certain purposes specifically listed in the HIPAA Privacy Rules, such as national security, law enforcement and public health issues. If you authorize release of your health information to a third party, the information released may no longer be protected by HIPAA.

Notice of Privacy Practices

You are entitled to receive an explanation of how your personally identifiable health information will be used and disclosed.

For example, a physician or hospital is required to provide you with a Notice of Privacy Practices at your first visit. You will be required to sign an acknowledgement indicating that you received the Notice of Privacy Practices.

If you have health insurance coverage, the insurance company or health plan will also provide you with a Notice of Privacy Practices immediately after you are enrolled in the plan. It is important that you read the Notice of Privacy Practices in order to understand your rights and know who to contact if you feel your privacy rights have been violated.

Right to Access, Amend, or Copy

You have a right to view and copy your medical records. You may be charged a fee for the cost of reproduction. If you believe that information within your medical records is incorrect or if important information is missing, you have a right to request that your medical records be amended.

Right to an Accounting of Disclosure

You also have a right to a list of uses and disclosures made of your medical records where the use or disclosure was not for purposes of treatment, payment, health care operations, or pursuant to your written authorization.

Right to Request Restrictions

You may request in writing that a health care provider or health plan not use or disclose information for treatment, payment, or other administrative purposes unless specifically authorized by you, when required by law, or in emergency circumstances. Health care providers and health plans must consider your request, but are not legally obligated to agree to those restrictions.

Confidential Communications

You have a right to receive confidential communications containing your health information. Health care providers and health plans are required to accommodate your reasonable requests. For example, you may ask that a physician contact you at your place of employment or send communications regarding treatment to an alternate address.

Violations of Privacy Rights

If you believe that your privacy rights have been violated, you may contact the Privacy Officer for the organization that you feel has violated your right to privacy. The name of the Privacy Officer should be included in the Notice of Privacy Practices provided to you by that organization.

If the Privacy Officer does not adequately resolve your concerns, you may contact the Department of Health and Human Services — Office of Civil Rights (OCR). OCR is responsible for enforcing the HIPAA Privacy Rules. Its Web site contains instructions on how to file a complaint (www.hhs.gov/ocr/privacy/hipaa/complaints) and a complaint form (www.hhs.gov/ocr/privacy/hipaa/complaints/hipcomplaintpackage.pdf).

Penalties for Noncompliance

The HIPAA Privacy Rules do not provide individuals with a private right to sue, although methodologies for allowing a portion of civil penalties to be paid to affected individuals must be established by February 17, 2012.

Currently, health care providers, health plans, and health care clearinghouses that do not comply with the HIPAA Privacy Rules may be subject to civil money penalties ranging from $100 to $50,000 per violation, with maximum penalties ranging from $25,000 per year to $1.5 million per year.

Criminal violations of the HIPAA Privacy Rules may also be referred to the Department of Justice for enforcement. Criminal penalties for such violations include:

• $50,000 and/or up to one year in prison for knowingly obtaining or disclosing protected health information not permitted by law;

• $100,000 and/or up to five years in prison for obtaining or disclosing protected health information under false pretences; and

• $250,000 and/or up to ten years in prison for obtaining protected health information with an intent to sell, transfer, or use it for commercial advantage, personal gain, or malicious harm.

State Attorneys General (AG) may also bring suit against Covered Entities to enjoin further violations and obtain damages on behalf of residents of their states, if HHS has not already taken action. The AG may seek damages of up to $100 per violation, with a maximum of $25,000 per year for identical violations.

HIPAA Privacy Resources

• Office of Civil Rights (HHS): www.hhs.gov/ocr/

• Health Privacy Project: www.healthprivacy.org

This article is provided by BB&T Insurance Services of California, Inc. It is to be used for informational purposes only and is not intended to replace the advice of an insurance professional. Visit us at http://www.bbandt.com. © 2011 Zywave, Inc. All rights reserved.