>H.I.P.A.A. > > >Whether you know it or not you now have a medical identification number. >I just received a copy of an in-house memo from an employer concerning >HIPAA Compliance. It states, "Attached is a privacy notice that (name of >company) is required to provide to you based upon a new health privacy >law entitled the (print following in bold) Health Insurance Portabality >and Accountability Act or HIPAA for short. If you have acquired medical >services or filled a prescription in the past two days, you have probably >been given a similar notice by the provider. You do not need to take any >action regarding this notice, we are simply required by law to provide it >to you."
The privacy notices do not give you a number (already covered). Try this as a starter website btw (http://cms.hhs.gov/hipaa/) The average HIPAA notice has several basic elements you will see- 1. What is considered "protected info" (things that can identify you) 2. The legal obligations the group has to protect your privacy (should healthcare providers always do/have done this-yes- but now there are >$25000 fines involved) 3. Some statement relating to using your info for treatment, payment, healthcare operations without your permission (this is standard language to help keep things clear). If a doctor refers you for an x-ray they can give info relating to your diagnosis, phone # etc (or you would have to sign permission everytime they tried to schedule you with a specialist, etc) (very simplified btw) (You could probably modify the payment stuff if you were paying cash I don't know). If you have ever had a run in with insurance over not using SSN, sigh, they just say you have a choice not to get their coverage) 4. Some generic wording relating to when they "have to legally" such as- When disclosure is required by federal, state or local law, judicial or administrative proceedings, or law enforcement. For example, victims of abuse, neglect, or domestic violence, gunshot or other wounds, as well as when ordered to do so by the courts or their designated appointees. 5. Language on uses of your info you may "object to". In some cases this is worded not to sound so optional, but things like marketing purposes, etc you can just make a object and tell them "no". 6. A section on your rights-right to view your personal health info, to restrict who sees it (family members for example), specify how you want to be contacted, identify who outside of "billing and treatment, etc" your info has been sent to, copies, amendments, etc 7. Language on who to complain to (and how fast you will get a response) I'm sure I missed a few things, but after a while they kinda read the same. >You are being told that this new ID number is to protect your privacy but >in reality your medical privacy is now beyond your control. These new >rules actually destroy your ability to restrict access to your medical >records. Your medical record belongs to you, this does not change your access to it. You know, as a consumer it is getting tough to know "who owns who" in healthcare. I have been places where one facility just assumed it was ok to throw my info in a large database that was accessible to more than 1/4 of the local medical community that had nothing to do with my annual uncompromising OBGYN data at a minimum and questionable mammo at worst. I can understand sharing info in the cases of emergency (IIRC this is ok'd by the "treatment" language). I know now if my neighbor knows I had a case of "imagine compromising something or another of which you would like privacy" from the hospital, blabbing about it comes with a $25000 price tag. Also, if someone inadvertently talks about you, you have to be informed who, what, etc The rest of the post seems like it is getting good attention, or I am just tired to blabber on. I am far from an expert, but have had my own dealings on both sides of the fence on this one. Hope it helps, Dee _______________________________________________ http://www.mccmedia.com/mailman/listinfo/brin-l
