HIPAA Regulations Protect Patients

By John Collett

In 1996, Congress passed federal legislation addressing some significant areas of concern in the national health-care system. This legislation, the Health Insurance Portability and Accountability Act (HIPAA), enhances patient protection in two realms: insurance coverage and patient privacy.

The health insurance portability portion of the legislation, which went into effect in 1996, protects individuals who are changing employment by limiting the extent to which insurance companies can exclude coverage for pre-existing conditions. If you move to a new health insurance plan within 63 days of termination of your previous coverage and you have had continuous coverage for 12 months, the new plan cannot invoke a pre-existing-condition exclusion. As you change jobs, you should keep coverage of some kind, whether under COBRA or an individual plan, to maintain the 12 months of coverage.

The accountability portion of HIPAA  provides comprehensive federal guidelines for protecting a patient’s fundamental right to privacy and confidentiality. The guidelines address how health-care providers, health insurance companies, and health-care billing services may use and disclose medical information relating to their patients. Through the implementation of these guidelines, HIPAA effectively eliminates inappropriate access to personal health-care information. Historically, entities such as lending institutions, marketing companies, and employers have sought confidential patient information for business decisions related to credit and loans, targeted mass marketing, hiring decisions, and other inappropriate uses. The new regulations put an end to those abuses of the system.

Under HIPAA, personal health-care information can only be released with specific written authorization from the patient involved. For example, if a drug company is looking to contact patients with a particular medical problem, the health-care provider must obtain specific written permission from the patient to release information to that drug company. The same applies to banks, attorneys, potential employers, and the like.

Protecting patient privacy The HIPAA regulations cover the ways in which health-care providers, health insurance companies, and health-care billing services can use and disclose information for treatment, payment, and health-care operations.

In order to provide treatment, for example, your medical center may disclose to an orthopedic surgeon, who is treating your broken leg, that you have diabetes because diabetes can slow the healing process. The surgeon may need to share that information with a dietitian, so that you can be served a proper diet while at the medical center, and so forth.

Your medical center may disclose medical information about services provided to you at the medical center in order to bill your insurance company or a third party and collect payment. Some health plans require prior approval for certain types of treatment or surgery, which is another instance in which your doctor or medical center may share information with your insurance company.

Your medical center may also use medical information about patients to review its treatment and services and to evaluate the performance of its staff in caring for you. The hospital might combine medical information about several hospital patients in the aggregate, so as to decide what additional services the hospital should offer and whether certain new treatments are effective.

In addition, HIPAA covers a number of special situations in which your medical information might be shared. If you are an organ donor, for example, your medical center may release that information to organizations that coordinate organ procurement. Medical information that is defined under public health laws is carefully spelled out in the new regulations, as are the circumstances under which information can be released to law enforcement officials.

HIPAA provides increased personal access. Not only does HIPAA provide greater protection of personal health-care information, but the law also gives patients more access to their own medical records. You have the right to receive and inspect a copy of medical information that may be used to make decisions about your care. If you feel that medical information is incorrect or incomplete, you may ask to have the information amended. You also have the right to request a limit on the medical information that is disclosed about you to someone who is involved in your care or the payment for your care, like a family member or friend.

For more detailed information about HIPAA’s privacy rules contact Cayuga Medical Centerdirectly or go the Cayuga Medical Center Web site at

John Collett is an assistant vice president at Cayuga Medical Center and serves as the medical center’s compliance officer.

Font Resize