Protecting Your Privacy, Part 1: It All Starts with HIPAA

Your medical privacy deserves the utmost protection, and the best way to get in front of fraudsters and thieves is to be an active participant in that protection. That’s why we’re pleased to introduce our new series: Protecting Your Privacy. In this series, we’re going to lay out steps that you can take to look after your own medical data. 

In part one, we’re going to help you understand your rights under the Health Insurance Portability and Accountability Act of 1996, better known as HIPAA. More specifically, we’re going to talk about what HIPAA can do and what it can’t do. 

HIPAA laws regulate how your healthcare provider can share your medical information, even when it comes to other healthcare providers.

What does HIPAA do?

The HIPAA laws are in place to help protect the privacy and security of your medical information. In a nutshell, they:

  • Provide guardrails around how healthcare and insurance providers can share your information
  • Set out guidelines regarding what healthcare and insurance providers need to do to keep your information safe
  • Tell healthcare and insurance providers when they need to inform you if your information has been leaked

What kind of information does HIPAA protect?

During the pandemic, you may have heard conflicting messages over what HIPAA does or doesn’t protect. You can expect it to safeguard your medical records, whether that is in paper or digital form, as well as any conversations a physician may hold with other healthcare providers regarding your care.

HIPAA also protects:

  • Your billing information
  • Any data on you contained in your health insurance provider’s system, such as your diagnoses, test results, and prescriptions
  • Other health information about you

How does HIPAA protect my information?

HIPAA itself sets requirements that healthcare providers and insurers must abide by to keep your medical data safe. Those who fall under HIPAA must establish safeguards, whether physical or digital, to protect your medical data. These safeguards can include access control tools like passwords or PINs, encryption of your information, and a record of who accessed your data.

They must also limit who has access to your health information and provide training to the employees that do have access. 

Who doesn’t fall under HIPAA?

Your employer is not necessarily bound by HIPAA.

Here is where we see the biggest misunderstandings regarding HIPAA. As noted above, these regulations cover a particular set of companies—namely those related to healthcare. Many, many entities are not governed by HIPAA at all. 

They include:

  • Your employer
  • Schools
  • Law enforcement agencies
  • Life insurers

All of these organizations may have access to some or all of your medical data, but they do not need to abide by HIPAA.

What are my rights under HIPAA?

When you’re dealing with health insurance companies, healthcare providers, or others that fall under HIPAA regulations, they must comply with your rights.

You can request a copy of your health records—they will usually arrive within a month—and have mistakes corrected. Your healthcare or insurance provider must also provide you with a notice that tells you how your information may be used or shared—and you have a right to give your permission for that. For example, you can ask your doctor not to discuss your medical information with other doctors or nurses. 

You can also ask your insurance or healthcare provider about your rights. If you feel that your rights are being denied, the U.S. Department of Health and Human Services (HHS) encourages you to file a complaint.

How else can I protect my privacy?

You can start by learning more about HIPAA and looking at the documentation housed at the Department of Health and Human Services. We encourage you to look through that information to become more informed.

But while HIPAA is a large part of the story, the key word here is part. There are other steps that you, as a consumer, can take to protect your medical privacy now that you know more about the limits of HIPAA’s protections. These steps include reviewing your records, looking over your bills, and much more. We’ll cover each of these steps in our upcoming series. 

In the meantime, you can trust HealthLock’s powerful AI technology to monitor your medical bills and explanations of benefits. If we spot something that could indicate fraud or a breach of privacy, we’ll get in touch with you and can start taking steps to resolve the matter.

Your medical privacy is important, but so is your precious free time. Let HealthLock help you protect both.