Medical Assisting Guide to Patient Rights Under the HIPAA Act

Are you interested in learning more about a medical assistant’s role in patient privacy? Can a medical assistant look at my medical file? Many medical assistants are restricted from divulging personal health information under the HIPAA act. They must keep all personal health information confidential, provide privacy notices for routine and non-routine disclosure of personal health information and allow the patient to request access to the information. The information protected under the HIPAA act includes information a physician, nurse, medical assistant or health care provider puts into your medical record, conversations that the physician has about treatment, and billing information.

In the past 14 years, there were over 165,000 HIPAA complaints, of which 97% were resolved, according to the U.S. Department of Health & Human Services. To date, the Office for Civil Rights (OCR) has settled or imposed a civil money penalty in 52 cases in the total amount of $73 million. Some of the investigated complaints came against national pharmacy chains, major medical centers, health plans, and hospital chains. In the cases that were investigated, the main issues included the impermissible use and disclosure of personal health information, insufficient safeguards in place, and inappropriate or compromised access to personal health information.

The benefits of the HIPAA act include giving patients more control over their medical records, setting boundaries on the use of personal health records, establishing safeguards to ensure the protection of health information, and holding violators accountable, with both civil and criminal penalties.

It is important to note that a group of organizations is not bound by HIPAA regulations. They include life insurance companies, employers, workers compensation carriers, schools, state agencies, law enforcement agencies and municipal offices.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was developed to help ensure the confidentiality of medical records in the age of the computer. The HIPAA privacy rule requires that healthcare providers, including doctors, nurses and medical assistants, health plans and healthcare clearinghouses gain authorization before they can use or disclose protected patient information. This privacy rule requires that the covered entities provide patients with written notice of their privacy practices and the patient’s privacy rights. Further, all pharmacies, health plans and other covered entities must obtain an individual’s authorization before sending marketing materials. Lastly, patients must be able to access their personal medical records and have the right to request changes to correct any errors.

What is PHI?

Personal health information (PHI) includes any information that can identify a particular patient, including the patient’s name, address, phone number, Social Security number, email address, medical record number, health insurance beneficiary number, account number, vehicle identifiers, URL or Internet Protocol address, biometric identifiers, full face photographic images or any unique identifying number, characteristic or code.

Protected health information (PHI) involves this information and how it is treated when transmitted electronically.

Patient’s Rights Under the HIPAA Act

The patient has many rights mandated by the HIPAA act. They include:

The Right to Notice of a Facility’s Privacy Practices – patients have the right to a copy of the Notice of Privacy Practices used by the physician’s office. A copy of this document must also be prominently displayed in the medical office. This notice must include how personal health information is used and disclosed by the facility, the patient’s rights regarding personal health information, how complaints can be filed, the person to contact for more information and the effective date of the Notice of Privacy Practices.

The Right to Have Access to, View and Obtain a Copy of Their Protected Health Information – records are owned by the maker; however, patients must be allowed to access their own personal health information.

The Right to Restrict Certain Parts or Uses of Their Protected Health Information – patients can request restrictions on the use of their personal health information. Although the provider does not have to honor the restriction, they must give a good reason for not honoring the request and offer an appeal process for the patient.

The Right to Request that Communications from the Facility Be Kept Confidential – the patient has the right to choose where the provider sends confidential communications. The patient has the choice of mobile phone, home phone or email.

The Right to Request that the Facility Amend the Protected Health Information – after a patient inspects their medical record, they have the right to request an amendment to the medical record if an error is found.

The Right to Receive Notice of All Disclosures of Their Protected Health Information – the patient may request an accounting of all disclosures of the patient’s personal health information that are non-routine.

How Personal Health Information is Protected

Those bound by HIPAA regulations must put in place safeguards to protect patient health information. They must limit the use and disclosure of personal health information to the minimum necessary to accomplish medical and billing tasks. The covered entities must put into place proper training for employees about how to protect patient health information.

Electronic Health Records (EHR)

Health care providers are replacing paper records with electronic health records; however, this does not change the privacy protections that apply to personal health information. An electronic health record could include medical history, physician’s notes, symptoms, diagnoses, medications, lab results, vital signs, immunizations and other diagnostic tests. Although these electronic health records may be set up to be shared with other doctors, nurses, medical assistants, hospitals and health care providers, information should only be shared for purposes authorized by law and the patient.

To keep electronic health records safe, medical assistants should keep passwords limited to those who are authorized to see the personal health information. Personal health information should be encrypted so it can only be read if decrypted. If records are accessed, there must be a record of access. The medical assistant should notify the proper authorities if personal health information is breached.

Discussing Information with Family and Friends

The HIPAA rule permits the medical assistant to share information with family and friends who are identified to them by the patient. The HIPAA rule does allow parents to see the medical records of their children as long as it is allowed by state laws.
