HIPAA and a patient's privacy after death.
When HIPAA was enacted in 1996, it was originally written to protect our access to insurance, even with the loss of a job a person could get insurance without regard to a pre-existing condition. What happened? Today after security policies were added to the original act, HIPAA has become a confusing set of rules regarding patient's privacy rights and who has access to information and who doesn't.
We have the right to have that information shared with anyone we designate, provided we define the specific permissions in writing. Thankfully Obama has made it easier for domestic partners to be involved in the care of their loved ones, but still in the US, the primary family members have easier access and more input in decision making if a patient is unable to.
So besides the patient, the immediate family or anyone the patient has provided permission, who has access to the medical records?
It seems that there several groups that have access:
Your Healthcare provider,
Your insurance company
A Medical Clearinghouse,
If public safety is at risk, public health officials
Law enforcement officials in cases regarding or if there is suspicion of domestic violence, abuse, neglect or gunshot wounds.
If you're an organ donor, organ and tissue organizations
The government if you use Medicare or Medicaid
Legally, the only way your employer can have access to your medical records is if you give permission in writing.
You also have a right to your medical records, a healthcare provider does not have to release them to you if they are deemed harmful to you, an example of this would be mental health records.
HIPAA does not protect your privacy if you upload your medical records to a site on the internet that stores health and medical information, even if they claim that they do.
Also, your information can be shared for marketing purposes. For example a hospital may obtain your name from a patient list and contact you for fund raising or inform you of a new doctor on staff. They cannot however sell it to an insurance company who wants to sell you additional policies.
So what has this got to do with death and your records?
Laws vary state by state on how long a practice must maintain records on a patient once the patient dies. HIPAA is not bound by that timeline.
Under the Freedom of Information Act we have the right to our medical records and upon death this right extends to the patient's spouse, next of kin, or executor of the estate. This still requires the courts intervention because they will rule on what is relevant and irrelevant information in regards to the HIPAA regulations. In simple terms: The change in privacy does not end the confidentiality agreement of the patient. Medical information release is illegal to anyone but the patient (or executor after death) without prior written consent.
When a medical professional goes on television talk shows and discusses a patient's health, even after they have died, they are breaking the law, unless the patient gave them written permission about the specific health issue discussed. Any doctor that does that should be investigated and prosecuted to the fullest extent of the law. Family members should file a civil suit and nail the bastard.
Telling the world that a patient needed Demerol prior to a procedure violates HIPAA, discussing what happens in an exam room on a patient visit may or may not violate HIPAA, it depends on what was happening. Regardless, a patient - medical employee romance is unprofessional at the very least, and some may even suggest it violates ethics between doctor and patient. If nothing else, if it even happened, it is definitely tacky.
We have the right to have that information shared with anyone we designate, provided we define the specific permissions in writing. Thankfully Obama has made it easier for domestic partners to be involved in the care of their loved ones, but still in the US, the primary family members have easier access and more input in decision making if a patient is unable to.
So besides the patient, the immediate family or anyone the patient has provided permission, who has access to the medical records?
It seems that there several groups that have access:
Your Healthcare provider,
Your insurance company
A Medical Clearinghouse,
If public safety is at risk, public health officials
Law enforcement officials in cases regarding or if there is suspicion of domestic violence, abuse, neglect or gunshot wounds.
If you're an organ donor, organ and tissue organizations
The government if you use Medicare or Medicaid
Legally, the only way your employer can have access to your medical records is if you give permission in writing.
You also have a right to your medical records, a healthcare provider does not have to release them to you if they are deemed harmful to you, an example of this would be mental health records.
HIPAA does not protect your privacy if you upload your medical records to a site on the internet that stores health and medical information, even if they claim that they do.
Also, your information can be shared for marketing purposes. For example a hospital may obtain your name from a patient list and contact you for fund raising or inform you of a new doctor on staff. They cannot however sell it to an insurance company who wants to sell you additional policies.
So what has this got to do with death and your records?
Laws vary state by state on how long a practice must maintain records on a patient once the patient dies. HIPAA is not bound by that timeline.
Under the Freedom of Information Act we have the right to our medical records and upon death this right extends to the patient's spouse, next of kin, or executor of the estate. This still requires the courts intervention because they will rule on what is relevant and irrelevant information in regards to the HIPAA regulations. In simple terms: The change in privacy does not end the confidentiality agreement of the patient. Medical information release is illegal to anyone but the patient (or executor after death) without prior written consent.
When a medical professional goes on television talk shows and discusses a patient's health, even after they have died, they are breaking the law, unless the patient gave them written permission about the specific health issue discussed. Any doctor that does that should be investigated and prosecuted to the fullest extent of the law. Family members should file a civil suit and nail the bastard.
Telling the world that a patient needed Demerol prior to a procedure violates HIPAA, discussing what happens in an exam room on a patient visit may or may not violate HIPAA, it depends on what was happening. Regardless, a patient - medical employee romance is unprofessional at the very least, and some may even suggest it violates ethics between doctor and patient. If nothing else, if it even happened, it is definitely tacky.