Get certified in HIPAA for Leaders for just $49.95.
To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video
Now let’s talk about patients' rights. Patients' Rights include your rights when you go see the doctor. You can ask for a copy of the rights and privacy policies of your doctor or hospital. Individuals, including yourself, are entitled to see or get a copy of medical records that your practice keeps. Patients may not be allowed to see certain parts of the full record, but they have the right to ask. With the rising cost of healthcare, we are seeing an increase in people paying for their medical services. You are not required to disclose PHI with a patient’s health plan for payment if he or she is paying for the services. A covered entity must provide an accounting of all PHI disclosures made for treatment, payment and healthcare operations during the prior six years upon request. This includes financial records as they are tied to the health care services. Covered entities are required to provide individuals a privacy practice policy if requested at all times. This notice describes how medical information about you may be used and disclosed and how you can get access to this information. It also describes the process for patients to use in filing complaints, what types of uses and disclosures of PHI are permitted, and what types of uses and disclosures require authorization. Now let’s talk about patient authorization. Patient authorization is necessary to obtain an individual’s personal health information and billing but it is not required to treat the patient.. We often get asked “can I see a patient without written authorization?” Yes, you can. It is a good idea to update their medical record and note that. In the event of a workers compensation claim or OSHA, you can provide the patient information. You can alert law enforcement officials of imminent danger to self or others without written authorization. Think of this as protecting a minor. You know what abuse looks like. If you suspect it you are authorized to report it. It just may save a child’s or adult’s life. In another example: The HIPAA Privacy Rule allows covered health care providers to disclose PHI about students to school nurses, physicians, or other health care providers for treatment purposes, without the authorization of the student or student's parent. For example, a student's primary care physician may discuss the student's medication and other health care needs with a school nurse who will administer the student's medication and provide care to the student while the student is at school.
In this lesson, we're going to go over patients' rights, what information requires authorization, what information does not require information, and give you a few examples along the way. At the end of the lesson, we'll provide you with an additional Word about patient health information privacy rights.
Most of us believe that our medical information and other health information is private and should be protected, and many want to know who has this information. The HIPAA Privacy Rule gives patients rights over their health information and sets rules and limits on who can look at and receive their protected health information.
Pro Tip #1: All covered entities are required to provide individuals a private practice policy if requested at all times. Healthcare organizations' private practice policy should describe several things, including:
These patient rights include asking for a copy of their healthcare provider's rights and privacy policies when they visit their primary physician or local hospital. All patients are entitled to see or get a copy of his or her own medical records that each healthcare practice or organization keeps.
Pro Tip #2: All covered entities must provide an accounting of all protected health information disclosures that are made for treatment, payment, and healthcare operations during the prior six years upon request. This includes all financial records as they are tied to the healthcare services.
One important caveat for patients: If you are receiving medical care while also paying for your own medical services, you are not required to disclose any protected health information with your health plan.
Pro Tip #3: Patient authorization is necessary for covered entities, like healthcare organizations, to obtain an individual's personal health information and billing information for purposes other than treatment, payment, or healthcare operations. However, it is not required in order for the patient to receive treatment. And as you'll see below, there are some exceptions that should be noted.
A common question many physicians have is: Can I see a patient without getting written authorization? The answer is, yes, you can. However, it's a good idea to update their medical records and make a note of that when or if it happens.
Sharing Patient Information Without Authorization:
Other circumstances that do not require patient authorization are situations when there's a need to alert law enforcement officials of an imminent danger, either to the patient himself/herself or if the patient is a danger to others.
An example of this would be trying to protect a minor from abuse. If you're a physician who suspects abuse, you are authorized to report it.
Another example: The HIPAA Privacy Rule allows covered healthcare providers to disclose protected health information about students to school nurses, physicians, or other healthcare providers for treatment purposes without requiring authorization of the student or the student's parents or guardians.
For instance, a student's primary care physician can discuss a student's medication or other healthcare needs with a school nurse who will administer medications and provide care to the student while he or she is at school.
For patients, knowing their rights is the first step to protecting them.
As noted at the beginning of this lesson, patients can ask to see or get a copy of their medical records and other health information. However, if they want a copy, they may have to put their request in writing and pay for the cost of copying and mailing. In most cases, their copies must be given to them within 30 days.
Patients can ask to change any wrong information in their file or add information if they think something is missing or incomplete. For example, if a patient and his or her hospital agree that the file has the wrong results for a test, the hospital must change it. Even if the hospital believes the test result is correct, patients still have the right to have their disagreement noted in their file. In most cases, the file should be updated within 60 days.
By law, patients' health information can be used and shared for specific reasons not directly related to their care, like making sure doctors give good care, making sure nursing homes are clean and safe, reporting when the flu is in the patients' area, or reporting as required by state or federal law. In many of these cases, patients can find out who has seen their health information.
Patients have two options: