The Health Insurance Portability and Accountability Act of 1996, known across the U.S. as HIPAA, is an important piece of legislation that protects patients’ privacy. The Federal law specifically outlines how patient data can be shared, to prevent sensitive information from falling into the wrong hands. Without HIPAA, patients wouldn’t have control over their own health information.
While HIPAA is undeniably important in the modern world of healthcare, the details of the law are often misunderstood by patients and providers. Here is precisely how HIPAA affects communication amongst providers and patients, so everyone can feel confident and in control.
The Health Insurance Portability and Accountability Act of 1996 was signed into law in 1996 amidst an environment of healthcare reform. Throughout the ‘90s, the Clinton Administration was eager to revolutionize healthcare in the U.S., providing as much healthcare access to as many Americans as possible — perhaps even instituting a universal healthcare system as is available in every other developed nation. At the beginning of his second term, Clinton signed HIPAA, which was intended to make it easier for Americans to obtain and keep health insurance, despite changing employment. Indeed, Title I of HIPAA achieves these goals, forbidding certain restrictions on group health plans and forcing insurers to extend coverage for those leaving group health plans.
However, what HIPAA is best known for nowadays is Title II — specifically, the Privacy Rule and the Security Rule, which were not added to HIPAA until 2003. The Privacy Rule establishes standards for safeguarding patients’ protected health information (PHI). PHI includes 18 types of data that help to identify a patient, like names, addresses, account numbers, full-face photos and fingerprints. Similarly, the Security Rule imposes restrictions on how healthcare providers can collect, store and transfer health-related information, like disease diagnoses and treatment plans.
Both the Privacy Rule and the Security Rule make it so that healthcare providers are not allowed to deliver information about a patient unless the patient provides their express consent. A common misunderstanding about HIPAA is that no one but the individual is allowed access to an individual’s health information, but the truth is that anyone can make a health information request; it is within the rights of the patient to permit or deny that request. Commonly, other healthcare providers (doctors, nurses, and specialists), as well as insurance providers, are granted access to a patient’s PHI through documents a patient signs at check-in. Other entities, like employers, can make demands for certain types of health information, like vaccination status, and it is an individual’s decision whether they comply.
HIPAA and Digital Communication
HIPAA sets strict rules on how healthcare providers and others with access to a patient’s PHI can manage that information to prevent leaks. Organizations found to be in violation of these rules can be subject to steep fines and other penalties, so most members of the healthcare community work hard to keep PHI secure, private and safe. Yet, digital communication has expanded massively in the decades since HIPAA’s Privacy and Security Rules first went into effect, and now both patients and providers rely heavily on services like text and email to remain in contact. Does HIPAA cover these digital communications in the same way?(1)
The answer, comfortingly, is an absolute yes. Patients are permitted to disclose any amount of PHI to providers in any manner they deem appropriate, from in-person visits to phone calls, text messages, and emails. It is then the provider’s responsibility to manage that PHI correctly to keep it private and secure. A provider who receives PHI through an email, for example, should seek consent from the patient to continue discussing sensitive topics despite the insecurity of the communication method. Some patients prefer the convenience of digital communication over the need for privacy; others might want to transfer the conversation to more secure space, like a phone call or a patient portal.
Communicating in healthcare isn’t easy in even straightforward circumstances, which is why providers benefit from earning a health communication certificate online. With the obstacle of HIPAA, health communication can seem impossible — but as long as both providers and individuals understand a patient’s rights under the law, it can be easy to connect and communicate about health.
Speaks from heart, always too passionate and driven by emotions. Spins the words with kindness & sharpness, intriguing your ever-inscrutable minds.