September 15, 2018
HIPAA has been law for over 20 years, and while we all sign forms at the doctor’s office (usually without reading them) acknowledging your healthcare provider’s HIPAA policy, have you ever stopped to think about what it actually means? The ‘P’ in HIPAA stands for portability, but you would not think so. One of the most fundamental HIPAA rights the law gives you is the right to have access to your own healthcare data. So why is HIPAA so often used as an excuse not to give you access to your own health information?
HIPPA defines how your health records need to be protected by anyone that has access to it delivering your healthcare. Specifically, HIPAA protects , or PHI. The Office of Civil Rights enforces these privacy measures, and levies fines on companies that allow security breaches that expose your data. You can see reported breaches on the OCR portal.
HIPAA requires that a “covered entity” must treat PHI with special care, and requires that any other business they share your data with enter into a Business Associates Agreement (BAA). These 3 parties have to operate under the regulations as well and protect your data. HIPAA protections include the security and the privacy that you can expect will be in place for anyone handling your data. So it could be the company that was hired to print your insurance cards, or collect payments for healthcare services. Basically your PHI is all over the place.
There is a growing movement to empower consumers to get ahold of their healthcare data, and a growing number of consumers are doing just that. And why would you not want to do that? After all it is your data. You need it for everyday things, like telling your new daycare provider about your child’s immunizations, or telling your elderly mother’s new specialist what medications she is on, before they prescribe something that will cause unsafe interactions.
So how do you go about it? At ICmed we recommend going to www.getmyhealthdata.org, and following the simple steps outlined there. GetMyHealthData has a lot of useful tools, including prewritten memos you can send your providers requesting data and asserting your rights to your data.
The next important thing to know is that your healthcare provider is obligated to provide your data in the form and format requested, if readily producible in that form and format. If they cannot, then they must provide a readable hard copy. Many practices provide access through a portal, but that does not prevent you from asking for it in another electronic format.
The first thing to know is that once you have your data you can share it with anyone you want. This is important, because healthcare so often involves caregivers who need this vital information. Whether it is your spouse (or ex-spouse) that is taking the kids to the doctor, your parents watching the kids for the weekend, or your siblings sharing in care for an elderly parent, there is a constant need to share health information in everyday life, and HIPAA does not constrain you from doing this.
Make sure to think about where to store that data. The ICmed app is a convenient place, and it allows you to share your data conveniently with your spouse, your kids, your parents, your caregivers, and even your doctor.
Now that you are armed and dangerous to ask for your data, you face the next obstacle. Your data is spread all over creation. Why is it so fragmented? Look for more on this in a future blog! The good news is once you have started this journey, you have taken the first step to take control of your and your family’s health data, share it as you deem appropriate, and learn from it for better health.
Original posted 12/16/2016