What is HIPAA?


Getting to know the Health Insurance Portability and Accountability Act 

With Renee Skeels, CMH Health Information Manager

The Health Insurance Portability and Accountability Act (HIPAA) is a regulation passed by Congress in 1996. It went into effect in 2003. Part of the regulation has to do with patients’ privacy, confidentiality and federal rights when it comes to medical records. Here are a few of those rights:

  • Patients are entitled to a copy of their medical records. They may be charged a fee to retrieve the record by some institutions, but at Columbia Memorial Hospital (CMH), we provide them in paper or electronic format free of charge. Patients here can access their records, including labs, radiology and clinic/hospital notes, on the myCMH patient portal online. 
  • Patients can request an amendment to something on their record that they disagree with. That request goes to the provider, who can choose whether to amend the record or not. If they decline, patients have other avenues they can follow to include their viewpoint in the medical record. 
  • Patients are provided a notice of privacy practices that discusses what a hospital can do with their information. They receive that notice the first time they have an appointment here at CMH. 
  • Patients must sign releases for certain information to be shared with other providers or requesting facilities. 

Can my provider share info with my family members? 
If you give permission to your health care provider to discuss your health information, they can discuss it with family members. If you bring a family member into the room, it is implied consent that you’re allowing them to be present for the discussion, unless you ask them to leave. We also have a form that you can sign to authorize the provider to discuss information with family members if you aren’t present.

Can information be given to callers or visitors?
We don’t give out any patient information over the phone because we can’t identify who we’re speaking to. For visitors, an inpatient can elect not to be in our directory, so we won’t release any information about them. Otherwise, if someone asks for a patient by name, we can let them know what room they are in. 

What is a HIPAA violation?
There are a lot of things that would constitute a HIPAA violation, including (but not limited to): misdirected faxes or emails with patient information, discussing patient information in non-secure areas, not encrypting emails that have patient information, accessing patient information out of curiosity without a business reason, and tampering with or destroying patient information.