Disclaimer: This transcript has not been edited for grammar, spelling, or punctuation.
Right now we are thinking about our healthcare and our privacy, more than ever. Of course, the reason is because of the coronavirus and all of the things that, that has stirred up about our own healthcare. And how it relates to privacy and the government's role in maintaining or protecting our privacy, where employers have to stand in the issues related to privacy. And it's really been such a hotbed issue, that I got inspired to just lay out for you. What healthcare privacy really does mean what are the limits of healthcare privacy for us as individuals? And what the law says about our healthcare and our privacy.
This is the smart planning 101 podcast. From Honolulu, Hawaii, Aloha everyone. I'm Nicole Wipp and I'm your host.
In the early nineties, I got a call from someone who wanted to share a bit of juicy gossip with me. The juicy gossip was that a mutual friend of ours had gotten pregnant by a married man. And the reason that my friend that was able to share this juicy gossip with me was able to was because another friend of ours that worked at a doctor's office and a position of trust. Had found out about it and then was spreading this information all over the place.
I remember at the time I was horrified on multiple levels about the situation. There was a lot going on about that situation that was upsetting. But I do remember that I was particularly furious, at the person that had gained access to this information and then felt free to spread it around to other people because I felt like that was an outrageous invasion of privacy from somebody that was in a trusted position that should not have been able to do that. I just couldn't believe that that had happened.
And this was my first experience with why healthcare privacy was so important. This was a medical professional that accessed this individual's medical records and then used this information to spread gossip about this person. It was crazy.
Because even if your reaction is to have no sympathy whatsoever for my friend who was pregnant. You can I'm sure, imagine multiple situations in which healthcare privacy, your health care privacy, your daughter's healthcare privacy, your son's healthcare privacy, your spouses, healthcare privacy, your mothers, your fathers, your uncles, your neighbors. Is important. There are just some things about your health care. That don't need to be known by others. And there are certain things that don't need to be known right now. We all need to deal with our healthcare issues in a private way in many times. And information about our health care can be very emotionally and mentally devastating. We need to be able to have time to process these things before we share any of that information with other people.
I could go on and on and on. And healthcare privacy is very important to a majority of Americans and now something like that could arguably, never happen. But, what things can happen? That's the thing. It's not that simple. And we're learning that, like I said, every day through the coronavirus.
So before I begin, I just wanted to say as always. Yes, I am a lawyer, but I'm not your lawyer. And this podcast is just intended to be general information only and not advice specific to your situation. So if you have a specific question about your situation. You really are best off to get advice from an attorney that specializes in healthcare, privacy, and or whatever your specific question is.
So HIPAA, the health insurance portability and accountability act of 1996 is a federal statute and acted and signed into law on August 21st, 1996.
So the question is, what does it even mean? What is HIPAA all about? What does it do for us? What doesn't it do for us? And so this is a 1 0 1 overview of those things. I'm not going to dive deeply into this topic because just like all laws we can go through twists and turns and there's always exceptions to every rule. And that's why it's so confusing though, the law always does create all these carve-outs and exceptions. But we're going to talk about what it is and how you can use it to your benefit and also understand the limits that it has for you.
So one of the most important things that HIPAA does give us as a right, is the right to access our own medical information. Now for some of us that might sound crazy. Like, why is, why do we have to have permission to access our own medical information? But apparently. Prior to the enactment of HIPAA getting your own medical record and other health information was not really considered a right that you had.
And so you do have that right under HIPAA, which is really great. And if you haven't asked for access about your entire medical record. I really encourage you to get it because understanding your entire medical record can inform the type of treatments that you get into the future. And I'll just tell you this on a personal level. I experienced this because I got very sick in 2015. And I subsequently discovered that information that was in my prior health record was coloring the way that the doctors that were treating me for the illness that I had because they were taking information that was in my prior health record and applying it to the current situation where it really was not applicable. And I did not know that until I was in the middle of this huge health crisis. And it was only after I realized that this particular information was in my healthcare record, that they were using that in a way that was not helping the current situation that I was in.
And so being an empowered consumer of healthcare does really mean guys that you understand what your entire medical record says so that when things are happening to you, you can speak to them and understand why potentially your medical providers are making these decisions related to your healthcare treatments.
To that end, HIPAA also enables you to change wrong information. In your file or add information to your file. If you think something is missing or incomplete. And just going back to my example that I just gave you. I had to make sure that there was additional information in my healthcare record that could inform my future treatments because the information was incomplete. And thus, I was being, given what I considered a subpar level of healthcare.
And so it's really good to check your medical record and then also change any information that you believe is wrong or add information that you believe needs to be added in order to complete your healthcare picture so that good decisions can be made on your behalf, especially by the way, if you are not able to participate in those healthcare decisions, because let's say you are too sick, you're in a compromised state because you're so sick or something like that. So you really do want to use the provisions of how HIPAA too do that for yourself?
You also have the right to know who has seen your healthcare information. And so you can learn how your healthcare information is used and shared by your doctor or healthcare insurer. It can't be used generally for purposes, not directly related to your care without your permission. So your doctor, for example, cannot give information directly to your employer. Or share it for things like marketing and advertising without your written authorization. You can give permission for your doctor to share that information. But if you don't give permission, your doctor's not able to just do that unilaterally. So that is something that you have the right to under HIPAA.
Also HIPAA allows you to let your providers or healthcare insurance companies know if there's information you don't want them to share. For example, you can ask that your health information not be shared with certain people, groups, or companies. But be aware that they don't always have to agree to do with what you ask, particularly if it affects your care.
And so you need to understand that, but that's worth having a conversation with your doctor about. If you want information to be restricted, then. Can it be restricted? Do they believe that it affects your care? But also, and I thought that this one was really interesting. You can ask your healthcare provider or your pharmacy not to tell your health insurance company about care you receive or drugs that you take, but you can only do that. If you pay for the care or drugs in full and the provider or pharmacy does not need to get paid by your insurance company. So you can restrict information to your insurance company, but then the key to that is then you have to be paying for those services in full.
The people that have to follow HIPAA though. And this is one of the things I think most people do not understand and is what causes a lot of turmoil right now in the media and other places is who has to follow HIPAA. It's what we call covered entities. And covered entities under HIPAA are not as broad as most of you think.
Covered entities are specifically healthcare plans like insurance companies, HMO's company health plans. Government programs that pay for healthcare like Medicare, Medicaid health plans. So that's one covered entity. The second covered entity is most healthcare providers.
Specifically, those that conduct business electronically. So anything that is regulated to electronically billing your health insurance? Doctors clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies dentists. They're covered entities. And also healthcare clearing houses. So entities provide or process non-standard health information. Any business associates of covered entities must also follow parts of HIPAA regulations.
And the question becomes with these covered entities. What information is protected? And so the information that is protected under HIPAA is information that your doctors, nurses, and other healthcare providers put in your medical record. It's also conversations your doctor has about your care or treatment with nurses and others. Information about you and your health insurers, computer system. Billing information about you at your clinic. And most other health information about you. That's held by those who must follow these laws. So it's about your specific healthcare information. That these covered entities have.
And so When it comes to who can look at and receive your healthcare information earlier, I made the statement that the doctors have to follow your direction to the extent that it doesn't interfere with your health care.
And what that means is that information can be used in shared for treatment and care coordination. To pay doctors and hospitals for your healthcare and to help run their businesses. Healthcare information can be shared with family relatives, friends, or others. You identify who are involved in your healthcare or your healthcare bills unless you object.
And just to put a pin in this, this is part of the reason why you definitely want to have healthcare power of attorney. That's a separate issue, but just recognize that you can identify people that are involved in your healthcare and give them access.
We also want to understand other places where people or entities can look at and receive our healthcare information. And these are all related to two main issues either to protect public health or to protect your ability to receive good healthcare.
So for example, people and entities can receive our healthcare information to make sure that doctors give good care and that nursing homes are clean and safe. Also, people and entities can receive your healthcare information. To protect public health, such as by reporting when things like flu or COVID are in your area.
And finally, your information can be used and shared to make required reports to the police. And an example of this is reporting gunshot wounds. The idea behind reporting information to the police. Is very much an alignment once again, with public interest. Because the idea is that certain types of health information like reporting a gunshot wound is also used and preventing, ongoing and active criminal activity. And so that's where the exception for that comes into play.
So this goes back to the thing that is very upsetting to many people. Which is the idea that the policy that public health overrides individual rights is upsetting to a lot of people, but the law provides that public policy, overrides individual rights for protecting public health. And so you just need to be aware of it.
And then to take our understanding of that topic a little further, we next have to think about what are not covered entities under the law. What are the organizations that are not required to protect our healthcare information? And I think that this is the thing that most people need to understand and where the greatest amount of confusion about healthcare privacy comes into play.
Because covered entities are the ones that I mentioned earlier. Healthcare providers, health plans, healthcare clearing houses. These are the ones that are required to follow the healthcare privacy rules.
Some examples of organizations that are not covered entities and therefore do not have to follow the privacy and security rules include life insurers and life insurance companies. Employers. Workers' compensation carriers. Schools and school districts, most schools, and school districts. Many state agencies like child protective services and adult protective services. Most law enforcement agencies and many municipal offices. And so understanding that your employer doesn't have to follow HIPAA privacy and security rules.
The information that your employer receives from a covered entity might be protected by HIPAA. But you might be required by your employment to give that healthcare information in order to keep, get, or maintain your employment and that your healthcare information is not protected for the purpose of that. You would have to voluntarily give that information up. But the idea is that your employer can ask you for it and you can say no, but then the employer is not required necessarily to respect the fact that you did not provide it.
So for employers, HIPAA is not the governing law that protects an employee's healthcare information. That actually falls under, for example, the Americans with disabilities act, which does require that employers that obtain disability-related medical information about an employee. They have to maintain it. And a confidential medical file that is kept separate from the employee's personnel file.
And so for that instance, such information may be disclosed only in limited situations. And two individuals specifically outlined in the Americans with disabilities act regulations. These individuals would include supervisors and managers who need to know about necessary work restrictions or accommodations.
For state and safety personnel, if a disability might require emergency treatment. And government officials investigating compliance with the ADA. But just recognize that those are two separate laws and the requirements under them are different. And that interconnectedness and the difference between that is where so much of the confusion often comes into place.
There is another law that does, protect employee health information. This is the genetic information nondiscrimination act. This requires employers that acquire an employee's genetic information to treat it as a confidential medical record in a separate medical file.
And so there's this interplay of multiple laws that do. Protect you and your medical information, but it's just recognizing how does that flow of information go? What are the laws that do require that? And so the ADA does protect certain medical information, specifically disability-related medical information about an employee, but it doesn't protect in the same ways. And for the same reasons that HIPAA does, and employers are not covered entities under HIPAA, but they are under the ADA. And so this is why this gets so confusing, right? Because there are so many different issues coming into play.
This is where the balance of what your health care privacy is, and who's required to respect it and understanding the differences of those things really comes in. I've had people say things to me. Like I have a constitutional right to my healthcare privacy. And that's not exactly an accurate statement.
Because there is a fundamental right to privacy guaranteed by the fifth and 14th amendments to the constitution. And this fundamental right to privacy does protect against unwarranted invasions of privacy by federal or state entities. But that right is not absolute and it has to be weighed against the state or federal, or even outside interests at stake.
And so the key to this is just understanding that the right to privacy is not absolute. And there are arguments about when your healthcare, privacy, or any other privacy, right? Can be invaded. And in fact, there are multiple exceptions that have been determined over the many years of legal wrangling about what privacy really means.
And I think a lot of people. Really conflate or really believe that their right to privacy is a hundred percent absolute. And I guess what I'm saying here is it's not, it's simply isn't. And I'll give you an example of an exception that the law has carved out.
In 1977, there's a case called Whalen V Roe that went to the Supreme court. And in this case, a group of New York physicians joined patients in a lawsuit that challenged the constitutionality of a New York statute that required physicians to report to state authorities, the identities of patients receiving controlled substances, also known as schedule two drugs.
And so physicians alleged that this breach doctor, patient confidentiality, the patients alleged that the disclosure was invasion of their constitutional right to privacy. And while the Supreme court agreed that the intimate nature of a patient's concerned about his bodily ILS and the medication he takes are protected by the constitutional right to privacy.
The court then went on to say that after balancing the state's interest, New York state's interests that requiring the disclosures. Two representatives of the state that have responsibility for the health of the community does not automatically amount to an impermissible invasion of privacy. And so the court went on and upheld the statute because the state's interest. And the health of the community over the road in this specific instance, the individual rights to healthcare privacy.
And this is something that we are consistently seeing now during this time of COVID, now you can agree with this or disagree with this, but this is the law as it stands right now. And so this is just something that I think a lot of people don't understand because I consistently hear people that believe that their rights are absolute and yet they are not. And this is just really important for everybody to understand that. And for everybody to understand how the law affects them, because the better that you're able to plan, the better that you're able to navigate through the world and the better that you're able to control your own environment.
As always thank you for listening. Do you have a question that you want answered on this podcast or an idea for one of my podcasts? I'd love to hear it. Visit smartplanning101.com/connect and make sure to subscribe.