Confidentiality is the right of an individual to have personal, identifiable medical information kept private. Such information should be available only to the physician of record and other health care and insurance personnel as necessary. As of 2003, patient confidentiality was protected by federal statute.
The passage of federal regulations (the Health Insurance Portability and Accountability Act of 1996) was prompted by the need to ensure privacy and protection of personal records and data in an environment of electronic medical records and third-party insurance payers.
Patient confidentiality means that personal and medical information given to a health care provider will not be disclosed to others unless the individual has given specific permission for such release.
Because the disclosure of personal information could cause professional or personal problems, patients rely on physicians to keep their medical information private. It is rare for medical records to remain completely sealed, however. The most benign breach of confidentiality takes place when clinicians share medical information as case studies. When this data is published in professional journals the identity of the patient is never divulged, and all identifying data is either eliminated or changed. If this confidentiality is breached in any way, patients may have the right to sue.
The greatest threat to medical privacy, however, occurs because most medical bills are paid by some form of health insurance, either private or public. This makes it difficult, if not impossible, to keep information truly confidential. Health records are routinely viewed not only by physicians and their staffs, but by the employees of insurance companies, medical laboratories, public health departments, researchers, and many others. If an employer provides health insurance, the employer and designated employees may have access to employee files.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires all professionals and organizations to guard the privacy of their patients and customers. Individuals must provide written consent for any and all releases of medical or health-related information. Employees at all levels are required to maintain confidentiality. Similar policies have been in place for some time. This was a requirement of the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) to maintain accreditation. All confidentiality releases must identify the types of information that can be released, the people or groups that have been permitted access to the information, and limit the length of time for which the release is valid.
Before the enactment of HIPAA, despite having voluntary safeguards, patient confidentiality had eroded with the almost-complete dominance of health-maintenance organizations and other types of third-party payers. Confidentiality is essential for a good relationship between patient and practitioner, whose duty to keep information private stems from the Hippocratic Oath. If personal information is disseminated without the patient's permission, it can erode confidence in the medical profession and expose health care professionals to legal action.
Physicians are increasingly being sued by patients whose information has been released without their permission. Even though the plaintiffs do not always prevail, the costs of legal action are burdensome to both sides.
Each state and the federal government have enacted laws to protect the confidentiality of health care information generally, with particular attention paid to information about communicable diseases and mental health. For example, through the 1960s substance and alcohol abuse were treated as mental illnesses, with patient confidentiality determined by the laws in each state, since at the time the state was responsible for mental health care and treatment.
In the early 1970s, however, the rising numbers of those needing substance abuse treatment came to the attention of the federal government, because drug-related activity, including the treatment for substance abuse, could be the basis for criminal prosecution on a federal level. Congress concluded that this might stop individuals needing treatment from seeking it. HIPAA was enacted to provide a strict confidentiality law and limit disclosure of information that could reveal a patient's identity.
Confusion ensued when practitioners who were treating substance abusers were required to follow two practices for patient confidentiality. One set of requirements was mandated by the state. The federal government dictated the other. With the varying degrees of protection provided by state mental health laws, the confusion increased. While all states specify exceptions to confidentiality, few have spelled out the necessary elements of valid consent for disclosure of mental health information. Some states presently allow disclosure of the following types of mental health information without patient consent:
Prior to 2003, providers had become increasingly concerned that these exceptions are not addressed uniformly, particularly when providers and payers conducted business across state lines. This resulted in open-ended disclosures that specify neither the parties to whom disclosure is to be made nor the specific information allowed to be revealed.
Both the ethical and the legal principles of confidentiality are rooted in a set of values regarding the relationship between caregiver and patient. It is essential that a patient trust a caregiver so that a warm and accepting relationship may develop. This is particularly true in a mental health treatment.
The Health Insurance Portability and Accountability Act of 1996 was enacted to address the issue of patient confidentiality. Full implementation of HIPAA regulations began in April 2003. If individuals and organizations having patient data adhere to the requirements of HIPAA, patient confidentiality will be enhanced.
HIPAA provides a uniform set of guidelines that apply to all providers and organizations. HIPAA requirements are not affected by state boundaries.
See also Informed consent ; Patient rights .
Carter P. I. HIPAA Compliance Handbook 2003. Gaithersburg, Maryland: Aspen, 2002.
Hubbard, M. W., K. E. Glover, and C. P. Hartley. HIPAA Policies and Procedures Desk Reference. Chicago: American Medical Association, 2003.
Pabrai, U. A. Getting Started with HIPAA Boston: Premier Press, 2003.
Radford, Roger. Informed Consent. Booklocker.com , 2002.
Cole A. and K. Oxtoby. "Patient power." Nursing Times 98 (2002: 22–25.
Landrum, S. E. "Patients' rights and responsibilities." Journal of the Arkansas Medical Society 99 (2003): 222–223.
Rosenbaum, S. "Managed care and patients' rights." Journal of the American Medical Association 289 (2003): 906–907.
Sugarman, J. "Missing the informed in consent." Anesthesia and Analgesia 96 (2003): 319–320.
American Academy of Family Physicians. 11400 Tomahawk Creek Parkway, Leawood, KS 66211-2672. (913) 906-6000. http://www.aafp.org . http://fp@aafp.org.
American College of Physicians. 190 N Independence Mall West, Philadelphia, PA 19106-1572. (800) 523-1546, ext. 2600. (215) 351-2600. http://www.acponline.org .
American Medical Association. 515 N. State Street, Chicago, IL 60610. (312) 464-5000. http://www.ama-assn.org .
National Patient Advocate Foundation. 753 Thimble Shoals Blvd, Suite A, Newport News, VA 23606. (800) 532-5274. http://www.npaf.org . http://action@npaf.org.
American Psychological Association. [cited March 21, 2003] http://www.apa.org/practice/senate_compromises.html .
HIPAA website. [cited March 24, 2003]. http://www.hipaa.org .
National Academy of Sciences. [cited March 21, 2003]. http://www.nap.edu/readingroom/books/for/index.html
Persons United Limiting Substandards and Errors in Health Care (P.U.L.S.E.). [cited March 21, 2003]. http://www.pulseamerica.org .
Stanford University. [cited March 21, 2003]. http://www.stanford.edu/class/siw198q/websites/HearingMar01/bill.html .
U.S. House or Representatives, Democratic Staff or the Energy and Commerce Committee. [cited March 21, 2003]. http://www.house.gov/commerce_democrats/pbor/107pborsummary.htm .
L. Fleming Fallon, Jr., MD, DrPH
to families under certain circumstances.
in what circumstance, medical practioners are allowed to disclosure the information that patient required to be confidential to his or her familly member?
could you tell me is any specific resource I can access to related to above question?
Is it avainst hippa ruled
I have a question in regards to E.R. general consent obtained or not obtained at time of visit. Registration Manager lied to Arbitrator and
said that by law you can not ask patient to sign a general consent after they have been treated.
I have been told in the past you can do an addendum to complete the file as long as you do not back date it.
It must be the exact date you obtained the signature from patient to
complete the file. Example 1/5/2011 and under that date you must indicate
reason for late entry and write for services on 1/1/2011. Generally it is unlikly for you to get general consent once the patient leaves. But in some cases the patient returns to sign general consent and you are able to complete the record.
This Manager has told Arbitrator that you can not by law bill a patient without general consent forms signed at time of vist, She has said it is illegal to have a patient return to sign a general consent. Claiming it is a smoking gun and can open the hospital up for an audit.
If this is true there needs to be an audit on this hospial, I have worked there for 8 years and general consents go unsigned quite frequently and the patients who did not sign general consent while seen in the ER are being billed. And insurance is being filed from both medicare and medicaid
and payment is being accepted.
I thought HIPPA replaced mandatory rules on general consent and replaced it with voluntary consent provision, that permits healtcare providers to obtain consent for treatment,billing,payment,and healthcare operations so it does not delay or disrupt needed treatment.
The Arbitrator ruled you can obtaing a signature after a patient leaves, if done correctly as an addendum, you must not back date or present that you obtained signature at time of visit, it must be explained and correctly dated. As mentioned above.
I hope you can help direct my concerns. Or let me knowwho I can contact.
Thank you
I have a question in regards to E.R. general consent obtained or not obtained at time of visit. Registration Manager lied to Arbitrator and
said that by law you can not ask patient to sign a general consent after they have been treated.
I have been told in the past you can do an addendum to complete the file as long as you do not back date it.
It must be the exact date you obtained the signature from patient to
complete the file. Example 1/5/2011 and under that date you must indicate
reason for late entry and write for services on 1/1/2011. Generally it is unlikly for you to get general consent once the patient leaves. But in some cases the patient returns to sign general consent and you are able to complete the record.
This Manager has told Arbitrator that you can not by law bill a patient without general consent forms signed at time of vist, She has said it is illegal to have a patient return to sign a general consent. Claiming it is a smoking gun and can open the hospital up for an audit.
If this is true there needs to be an audit on this hospial, I have worked there for 8 years and general consents go unsigned quite frequently and the patients who did not sign general consent while seen in the ER are being billed. And insurance is being filed from both medicare and medicaid
and payment is being accepted.
I thought HIPPA replaced mandatory rules on general consent and replaced it with voluntary consent provision, that permits healtcare providers to obtain consent for treatment,billing,payment,and healthcare operations so it does not delay or disrupt needed treatment.
The Arbitrator ruled you can obtaing a signature after a patient leaves, if done correctly as an addendum, you must not back date or present that you obtained signature at time of visit, it must be explained and correctly dated. As mentioned above.
I hope you can help direct my concerns. Or let me knowwho I can contact.
Thank you
thank you
Thank you for any and all help you can provide. this is in the state of Oregon.
ANYWAYS, I am afraid if I sue, contact the OIG or whatever I won't be able to be successful obtaining my government benefits - they'd hold it against me. What should I do? All I need are my benefits, but I they used the original discrimination against me in my first application processes. I didn't call it discrimination, I just said that it was wrong that they did x and blamed it on my disability.
what should I do.
It states it in an audit. I feel it is a violation of my privacy. A complete summary of every condition, surgery, medication, test result & family history was included.
Also it says that the medical referral summary is Not declaring MU conformance.
What does that even mean?
From the very beginning of his divorce there have been major issues with his ex, she neglects the children.
I began reading some of the med recs on my granddaughter in order to note any concerns. I saw where her md kept noting in my GD's medical record that she wanted med info from all of her other doctors she saw I guess making sure that she was taking her to see these doctors. So I sent copies of all the med recs. from the other md she saw.
I included some other med info I just received from a visit to the hospital caused by a DKA. After I put text messages, after office md call concerning being high, hospital recs, etc. I noticed that the ex had been lying to the clinic doc and the hospital doctors. She played md at home and GD was throwing up, over 500, sick sick sick. But she didnt take her in till next morning. She was 733 once she got to hospital. I told all this and much more to her doctor. My GD was always in the 300 to 400 range, always. Years of neglect and I wanted to report it. I told her I needed backing from her. she wouldn't do it. I was so upset. I told this doctor that I would then have to go the admitting md at the hospital.
Well, the md contacts the ex and she diverged everything I said to her. The next that I know the ex is at the hospital making up lies about me to the SW who so happen to be the person I was talking to about getting me an appt. with the md. This Sw contacts Risk Mgmt and tells her lies about me to the RM person. (I have copies of my emails)
This RM person now contacts my office and talks with my boss and passes all these lies from the SW and RN, saying that I am trying to make an appt for my GD to see this md that saw her in the hospital to him. And that I had been at the hospital getting GD's copies of med recs. All lies. i got blocked from seeing MD. There is a lot more to that story!
Then a few days later I am using GD patient portal for the first time to see if I can get downloads of GD meter readings which I have asked for so many times. ( Please note that the HR person told me that my son and I could use this portal, gave us info where to sign up, etc. ) Someone from the office that I emailed about these records saw my email address and they didn't have any record on me, So, she contacts High Risk person again. Now, she never mentions that she gave me access to this portal and that I was my son't proxy, nothing.
What does she do, she contacts my boss again and proceeds to tell him about my GDs portal and that I am trying to get MR (note this HR person has had all my proxy paperwork for years) She never contacts me to ask me about anything, she contacts my boss. I told my boss that HR has no rights at all to contact him about anything to do with my GD even though I work for him.
I just wanted to know can this doctor contact ex and tell her everything I said. Note meeting was charged to my son's insurance and told staff to bill me if all was not covered.
And, can HR from hospital contact my boss about anything dealing with my GD even though I work for him and I am a liason at that hospital.