5 Things You Should Know About Your Medical Privacy As Covered By Hipaa

October 5, 2023 By

By Greg Garner

Title I of HIPPA (Health Insurance Portability and Accountability Act) protects the health insurance coverage of workers and employees in the event of job loss or job switch. Title II of said Act, known as Administrative Simplification, details the requirements of establishing national standards for electronic health care transactions and identifiers of provider, employer and health insurance plans. This title also lays down provisions to address privacy and security issues pertaining to health data. A recent study has revealed that the lack of proper encryption, inadequate funding and shortage of staff has degraded the system of comprehensive data protection. Most health care organizations are not sure of the exact location of patient data. Under such circumstances, it becomes imperative to learn about the medical privacy covered under HIPPA.

1. Controlling Medical Information

The ability to control your medical information falls within the range of some control and no control. There are situations where you have the opportunity to object or give consent, and others where your consent is not required. Few cases may require your authorization. According to HIPPA there is a clear distinction between authorization and consent. An authorization should be given out on a separate document specifying disclosure details. Consent is less formal.

2. When flow of medical information is beyond control


Such information is required by local, federal, state or public health regulatory authorities. When a person is exposed to a communicable disease or the subject of a Federal Food and Drug Administration issue, there is no need for consent. Consent for accessing medical information is not required when the information is required by the employer for conducting medical surveillance in the workplace or evaluating work related injury or illness.

3. When your medical information may be used without consent

Consent for using your medical information is not required when it is used for treatment, health care operations or payment. Your consent is not necessary when the information is utilized by a business associate of your health care plan. Services provided by business associates may include financial, accounting, administrative, accreditation, management, consulting, data aggregation, actuarial and legal.

4. How to know the number of people that have accessed the medical information

HIPPA strives to limit the number of areas in which people can access your medical information. However, there is no realistic way to ascertain the number of people that may have accessed your medical information. For example, when you are admitted to a hospital, hundreds of hospital employees have access to your medical information.

5. When is authorization required?

HIPPA requires your specific authorization if the disclosure is required for psychotherapy or for marketing. An individuals psychotherapy notes are protected, subject to exceptions such as defending a health plan or a doctor or undergoing staff training.

The health care industry, as a whole, needs to be more careful about protecting classified medical information pertaining to an individual. Individuals should also become more aware of their rights and how to enjoy and protect them.

About the Author: For more information please visit our

HIPAA certification

website or our

Bloodborne Pathogens




Permanent Link: