Effective as June 1, 2018
Your Health Information Privacy Rights
Most of us feel that health information is private and should be protected. That is why there is a federal law that sets rules for health care providers and health insurance companies about who can look at and receive health care information. This law, called the Health Insurance Portability and Accountability Act of 1996 (HIPAA), gives you rights over your health information, including the right to get a copy of your information, make sure it is correct, and know who has seen it.
Security
You can ask to see or get a copy of your medical records. Your pharmacy is the recipient and custodian of all your medical records created by Infusion of Care nurses. They can let you know how to arrange to see your records or how to obtain a copy. Depending on the policies of the pharmacy, you may be required to pay a fee to obtain copies. In most cases you must be given your copies within 30 days. You can check your medical records and ask to change any wrong information or add missing information. In most cases your file should be updated within 60 days. You have the right to know who has seen your health information.
Privacy
Generally, your health information cannot be used for purposes not directly related to your care without your permission. You can specify that your health information not be shared with certain people, groups, or companies as long as it does not impact the care you are receiving. For example, you can ask that your health information not be shared with your insurance company if you are paying for that care yourself, or that it not be made available to other doctors or providers apart from your own in a clinic setting. You may provide the method of contact you prefer and may limit who and where messages may be left regarding your health care. If you think your rights are being denied or your health information is not being protected, you have the right to file a complaint with your provider, health insurer, or the U.S. Department of Health and Human Services.
Electronic Health Records (EHRs)
Your health care provider may be moving from paper records to electronic health records or may already be using them. EHRs allow providers to use information more effectively to improve the quality and efficiency of your care, but EHRs will not change the privacy protections or security safeguards that apply to your health information. Safeguarding of EHRs may include “Access control” tools like passwords and PIN numbers to help limit access to your information to authorized users only. “Encrypting” your stored information prevents your record from being read by those who are not in possession of a system that decrypts it with a “key”. This is used when your information is shared electronically between authorized service providers. An “audit trail” feature records who accessed your information, what changes were made, and when. Federal law requires health care providers to notify you of a “breach”, or unauthorized disclosure. The law also requires them to notify the Secretary of Health and Human Services. If a breach affects more than 500 residents of a state or jurisdiction, the health care provider must also notify prominent media outlets serving that area. This requirement helps patients know if something has gone wrong with the protection of their information and helps keep providers accountable for EHR protection.
Selection of Disclosure
You may designate a friend or family member as someone who may share with a provider relevant health care information about your care or payment. This may be done face-to-face, over the phone, or in writing. You must give your permission, you must be present, or your provider has determined it is in your best interests to disclose information and you are not able or available to give permission. It is always best to provide consent in writing. You may wish to utilize a Healthcare Durable Power of Attorney to indicate your disclosure choices.