You’re likely inundated with privacy policies all day long—they pop up in a window on your laptop or mobile device as you’re browsing a website, or you may be required to acknowledge your acceptance before downloading an app or signing up for a online service.
In this increasingly digital world, our privacy has become more and more important to us. This isn’t so much a product of us not caring about our privacy in the past, but rather a result of our personal information being stored and potentially shared at an alarming rate.
It can sometimes feel like our every click or move is being tracked. (Have you ever had an ad pop up on social media for something you were just talking about—like, face-to-face talking about? Freaky.) This tends to make us feel one of two ways—either hypersensitive and protective about our information and behaviors, or unfazed by otherwise undetected invasions of privacy.
Regardless of your stance on data sharing, everyone can agree that our protected health information (PHI, for short) should remain protected and be shared with care.
That’s why giving your patients access to your practice’s privacy policies isn’t just good practice, it’s also required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The Privacy Rule
As part of HIPAA, patients have the undisputed right to be informed of their health care providers’ or health coverage providers’ privacy practices that are formed by the Privacy Rule.
According to the United States Department of Health & Human Services (HHS), the goal of the Privacy Rule under HIPAA is to “assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality healthcare and to protect the public’s health and well being. The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing. Given that the healthcare marketplace is diverse, the Rule is designed to be flexible and comprehensive to cover the variety of uses and disclosures that need to be addressed.”
Because each practice and personal care plan is different—information may need to be shared with other specialists for the patient to receive proper treatment, or data may need to be collected for research purposes—it is up to the healthcare provider to detail its privacy policies to the patient.
A patient also has the right to request a copy of your practice’s privacy policies at any time, so it’s important that you have an efficient and professional way of providing this information.
We know what you’re thinking—another form. But trust us when we say that providing your patients with a clear and thorough explanation of your privacy policies is just as important as getting their consent of treatment or them signing a HIPAA release form.
Before you get into the specifics of your practice’s privacy policies, you should first provide the patient some context around the purpose of the form.
This would include notifying the patient of their rights as protected under HIPAA and to inform them that you are disclosing how their medical information may be used or shared.
As we show you in this sample form, a simply paragraph to accomplish this may be:
“I am [or we are] required by the Health Insurance Portability & Accountability Act of 1996 (HIPAA) to provide confidentiality for all medical/mental health records and other individually identifiable health information in my possession. This Notice is to inform you of the uses and disclosures of confidential information that may be made by [BusinessName], and of your individual rights and [BusinessName]’s legal duties with respect to confidential information.”
It’s also a good idea to remind the patient to review the document carefully and notify the practice of any questions regarding PHI privacy, while also politely requesting that they provide their signature at the end to confirm their acceptance of your policies.
Disclose Potential Uses of Medical Records
Here are some examples of reasons why a healthcare provider might need to disclose PHI at their own discretion:
– Treatment: This includes sharing information with other specialists involved in a patient’s healthcare plan, or for any additional services needed.
– Payment: Information may need to be shared with an internal billing department or third-party billing vendor to properly bill patients and healthcare insurance plans.
– Healthcare Operations: This covers any internal needs to help a practice maintain a high level of care. This could include evaluating a team member’s performance or upgrading practice procedures.
– Appointment Scheduling: Administrative members of a practice may need access to treatment information so they can properly schedule appointments or follow-ups, or provide helpful appointment reminders to the patient.
– Research: If a research study has been approved by an authorized institutional review or a privacy board, then PHI may be shared for learning purposes, but with any identifying information redacted.
-Legal: A practice may need to disclose PHI if required to do so by federal, state, or local law. This could be for a number of reasons, including lawsuits, criminal cases, or government-mandated compensation programs.
Closing & Signature
It’s also important to remind the patient that they have the right to request their own medical records at any time.
Much like when we discussed consent to treatment forms, having the ability to share forms digitally is a huge advantage of both the patient and the healthcare provider.
By using a trusted partner like IntakeQ, you can rest assured that all electronic forms are properly protected and secure under HIPAA-mandatory conditions. Plus, with the easy option to obtain signatures electronically, all the pesky “paperwork” can be handled in advance of an appointment at a time that is most convenient for the patient.
The Bottom Line
Be sure to protect both your patients and your practice’s integrity by offering each new patient a detailed and easy-to-understand account of how their PHI could potentially be used. This will help to mitigate any misunderstandings or claims down the line, plus help secure your position as a loyal healthcare partner.
We here at IntakeQ are available to help create these forms for you, or take your existing paper documents and turn them into convenient electronic forms—all you have to do is ask!