About NHVJSEC | Committees |   | Resources | Contact | Home

What does HIPPA mean?

HIPPA is the acronym for the federal Health Insurance Portability and Accountability Act of 1996. HIPPA has various provisions which impact health care in a variety of ways. One of these provisions concerns standards for privacy of health information (the HIPPA Privacy Rule). The Department of Health and Human Services published the final Privacy Rule on 12/28/2000.  This rule gives patients greater access to their own medical records and more control over how their personal health information is used. The rule also addresses the obligations of health care providers and health plans to protect health information.  By law, covered entities had until 4/13/2003 to fully comply with all aspects of the ruling. 

A key element of the ruling is that a medical provider must have the patient’s consent before any health information is released to a third provider. A physician may use or disclose only that information which is needed to accomplish the stated purpose. Patients have the federal right to access and copy protected health care information and they have the right to “amend” (not to change) a designated record.  The right to confidential communication and the right to an accounting of disclosures is also given to patients by HIPPA. There is a legal exception to the HIPPA provisions. Worker’s Compensation injury cases are not subject to HIPPA. The employer is entitled to receive all information relevant to the alleged work-related injury.

In addition to regulations on the federal level, many states have begun to define privacy regulations.  New York Public Health Laws §17 and §18 define the requirements for the appropriate handling of medical records and make any reported violation of these standards a felony punishable by both monetary fines and imprisonment.

In our practice we do require that all of our patient’s sign consents for the disclosure of medical information to their employer or any other third party. We would like to emphasize to our business clients that they should limit their request for information to that which is needed to accomplish a stated purpose.  In other words if an employee is sent for a post-offer job physical, a simple “pass letter” should be expected. There may be elements in a patient’s medical history which do not impact the ability to perform a given job and it would not be in the best interest of a company to have this information.

It is imperative that all recipients of confidential medical information realize that they are going to be held accountable to the manner in which they handle the information they receive. If a company is believed to have violated an employee ‘s right to confidentiality in any way they may be subject to legal action as defined above.

We as health care providers will continue to monitor these confidentiality standards to ensure our compliance with federal and state statutes. We urge our business associates to review their respective policies with their corporate legal counsels as well.

Dr. Carol Smith is the Medical Director for Occupational Health Services at Emergency One.  For more information call:  (845) 338-5600

 
for site credits, click here