Hospitals and healthcare providers often cite medical privacy laws when they are asked for information about patients. They are bound by the Health Insurance Portability and Accountability Act (HIPAA), which governs issues on who has access to a patient's medical information. But the law is often cited by people to whom it does not apply and for issues to which the law does not extend.
HIPAA (pronounced hip-ah) rules are intended to keep personal health information private. Laws about patient privacy were originally added into the act because of concerns that conditions such as being HIV positive or having cancer could be made public, which could lead to discrimination by employers and health insurance companies. The law applies only to healthcare providers, health insurance companies, and clearinghouses that manage health information, along with business associates. But it has been cited by healthcare professionals as a reason not to share information with the patient's family or caregivers. Healthcare providers are allowed to use their professional judgment in these situations if they feel that the release of information is in the best of interests of the patient.
This means that the rules do not apply to someone who thinks she would be breaking the law if she called other friends to let them know a friend is sick. It means that a patient's family member can give more information to healthcare providers about the patient, although providers can withhold information from family members who do not have legal standing, such as a healthcare proxy or a power of attorney. The patient can make his or her wishes known about their medical information either verbally or in writing.
HIPAA is sometimes used as the reason for not giving a patient his or her own medical information. Patients always have the right to their own medical records, although they may be charged a copying fee.
Often, healthcare providers are cautious about medical privacy because the law calls for large fines and even possible imprisonment for breaking the law.
Rep Doris Matsui (D-CA) has introduced legislation in Congress to clarify HIPAA rules on privacy.
