Likely you’ve heard of HIPAA—the Health Insurance Portability and Accountability Act. It’s a sweeping healthcare law passed by Congress in the 1990s. Most of us don’t know a whole lot about it, except for maybe that it protects our privacy when it comes to our health information.
Did you know that your doctor and your hospital are required by law to protect your health information from anyone outside who might want to look in—and from anyone inside who has no reason to view it? It’s governed by the HIPAA Privacy Rule and applies to all protected health information including your diagnoses, healthcare history, and prescriptions. The form—oral, written, or electronic—doesn’t matter. It’s all protected. Now that’s reassuring.
“At Prowers Medical Center, every staff member sees it as a resolute duty to protect patient privacy and we have several procedures and protocols to make sure that’s upheld,” said Karl Nieschburg, PMC Compliance Officer.
Prowers Medical Center complies with state and federal guidelines and provides mandatory training to all employees each year to keep them current on HIPAA regulations. All computers have passwords so only staff in a certain area can access files for that area. Prowers Medical Center protects data from the outside with strong firewalls and encryption software.
“Protections keep getting tougher and penalties greater for those who don’t live up to the standard,” Nieschburg said.
HIPAA has a “minimum necessary” rule. In other words, information is shared on a need-to-know basis only.
“That means only your doctor, any referring specialists, and the billing office to some extent have access to your health information. We take keeping patient health information confidential very seriously,” said Dianna Randel, PMC Privacy Officer.
Protections are a big positive, but sometimes they can cause a hassle. For example, a wife may need to call her husband’s doctor to ask about a new medication. The wife has no access to her husband’s protected health information, unless her husband signs an authorization form allowing her that access. These forms have to be signed yearly. This sounds like a hassle, but the intent is to ensure that in the case of a divorce an estranged spouse doesn’t inappropriately access their former partner’s information.
“Another common occurrence is when a visitor simply asks whether someone they know is a patient in the hospital,” said Dianna Randel. “We’re not allowed to share that information if the patient doesn’t wish us to. That is often frustrating for people calling us to ask.”
The hospital has a phone number that patients or staff can call any time to report a suspected breach of privacy. It’s called the Ethics and Compliance Hotline at 855-7414525. You can also go to www.prowersmedical.com and fill out a report online.
Accessing Your Health Information Through the Patient Portal
Did you know you can access your electronic health record from your home computer? All you have to do is visit the hospital’s website and follow the link from the homepage to the Patient Portal. There’s one for the hospital and one for the clinic. It’s easy to sign up, and once you do you can see all of your health information—a history of your visits, lab and imaging results, diagnoses, medications, etc. If you need help signing up, call the hospital’s IT team or medical records at 719-336-4343 and they can walk you through it. It’s free and much easier than requesting your medical record—which you can do as well with a 48-hour notice and a small fee.
“On a side note, if you have a family member for whom you were involved in their care or payment for their care that died before 2007, we want you to know that you can come in and get their medical records for free. Just bring a death certificate or birth certificate and your own proof of identification to show you are a family member,” Randel concluded.