Print URL:

Patient privacy is improving, but you have to do your part

By Mary Shedden
Published: August 17, 2013 Updated: August 17, 2013 at 10:42 PM

Long before you step on the scale at the doctor’s office, or a blood pressure band squeezes your bicep, there’s the paperwork.

Every visit seems to start with pages needing you to “sign this” and “sign that,” and forms full of “How ya feelin?” and “What brings you here today?”

It’s easy to rush half-heartedly through these documents, especially when you feel like crud. But there’s one worth looking at more closely, because it changes how you and others will access your personal medical records.

Starting next month, doctors, hospitals and anyone else in health care will face penalties for not completing a list of upgrades to the Health Insurance Portability and Accountability Act, a 1996 patient privacy law best known as HIPAA.

That clipboard of paperwork must include the new rules that increase a consumer’s control over medical information, said Angela Dinh Rose, director of practice excellence at the American Health Information Management Association. It’s worth checking out the details, she says.

“A lot of people don’t understand what rights they have,” says Rose, who is based in Tampa. Read the fine print, she says, and you will find out you now can:

Request an electronic copy of any health record and get it within 30 days. Before, the specifics and timeline were less clear.

Pay 100 percent for a medical treatment and keep its details from your health insurance company. For example, someone who wants to get and pay for an HIV test can request the cost, results and other details stay confidential. Anyone who releases that information could be penalized or worse, Rose says.

Prevent your personal medical information from being used in a facility’s fund raising or marketing campaigns. If you don’t want your hip replacement or cancer treatment added to the numbers used in promotional materials, you now can say so.

The privacy law makes it even easier for consumers to compile their own health records, says Julie Wolter, director of the health sciences program at St. Louis University.

Doctors and hospitals each are required to keep your records, but you are the only one who has access to the whole picture, she says. Electronic, paper or whatever way you keep the records doesn’t matter; it’s more important you or a family member you trust starts collecting, she says.

“What is the only common link we have now (with medical records)? It’s the patient,” Wolter says. “It’s important the patient understands all of their health care.”

The best place to ask for the records? The front desk, Wolter says. Office staff is more likely to know where and how to copy the information you need, she says. Besides, that allows you to focus on the medical nitty gritty with the nurse, nurse practitioner or physician.

The HIPAA law changes also increase which companies must protect patient information; subcontractors that work with hospitals or doctors will now face penalties for leaked information, the law states.

This latest update helps hospitals better understand the relationship between technology and privacy, says Richard Paula, Tampa General Hospital vice president and chief medical information officer.

The increased accountability means hospital technology departments are beefing up internal security, he says. “HIPAA really brought to the forefront the issue of protecting patient data,” he says.

Illegally accessed information is a real problem for many hospitals. Last month, a Los Angeles hospital fired six workers for tapping into the computer records for Kanye West and Kim Kardashian’s infant daughter.

Tampa General this summer had a similar experience, firing a University of South Florida nurse who improperly accessed and shared personal medical information of a relative. The breach happened several years ago but wasn’t discovered until recently.

Paula says the hospital has since introduced extra protections, logging every time a person looks at a patient’s records. “Our employees know they are being watched,” he says.

Other steps, such as an outside audit of hospital record security, are among the reasons Tampa General and six area Florida Hospital facilities were recently recognized as “Most Wired” hospitals, Paula says.

The magazine “Hospitals and Health Networks” recognized the hospitals for improving the electronic, in-house transfer of clinical information and for security systems surrounding that data.

The magazine also includes in its annual ranking a survey of its “Most Wired” hospitals. An area ready for improvement, the hospitals say, is the way hospitals and physicians and hospitals and their patients communicate.

For example, Tampa General’s patient portal called “My Chart” provides online record access to more than 8,700 patients treated at the hospital’s ambulatory center. Patients at the main hospital are still unable to get lab results and other information that way, Paula says.

Wolter says this evolving – and still incomplete — exchange of information means consumers need to take the lead in keeping their own medical records.

Doctors will communicate differently. Some will focus on email; others will ask you to access records via a portal like the one at Tampa General. And some will still ask you still pick up the phone and talk one-on-one, she says.

“Patients have to be ready to ask.”

[email protected]

(813) 259-7365

Twitter: @MaryShedden