The Health Insurance Portability and Accountability Act (HIPAA) was enacted on August 21, 1996. It was primarily designed to protect the privacy, confidentiality, and security of health information. The Privacy Rule, which took effect in 2003, regulates the use and/or disclosure of protected health information. The information contained within this paper, regarding HIV patient privacy, will discuss the subjects of the HIPAA and Privacy Rule. This paper will also discuss patient care and rights.
II. Rights of Patients: Right to Life and Right to Privacy
Many HIV clinicians, both national and international, adhere to a Patient Bill of Rights that list the general rights that an HIV patient has, in regards to their treatment and privacy. Included in this section, are the basic 17 most important rights. Also included, as part of the Patient Bill of Rights, are 10 of the most important responsibilities of an HIV patient (Wilder, 2000).
First, an HIV patient has the right to respectful care, free from discrimination of any kind, including sources of payments. Second, an HIV patient has the right to research anything regarding any diagnosis or treatment they have received or will receive. Many clinicians often suggest that patients should conduct their own research so that they may better understand any events taking place (Wilder, 2000).
Third, an HIV patient has the right to know exactly who is involved in their medical care, at every level. This includes students, trainees, and volunteers as well as doctors and nurses. Fourth, an HIV patient has the right to be involved in the establishment of their care. An HIV patient has the right to refuse any treatment that may be recommended (Wilder, 2000).
Fifth, an HIV patient has the right to privacy. This is one of the most important rights. Sixth, under the right to privacy, an HIV patient has the right to assume that all records and any communication, written or verbal, are confidential, except in abuse cases. Seventh, an HIV patient has the right to examine and receive copies of their medical records (Wilder, 2000).
Eighth, an HIV patient has the right to assume that any advance directive they may have will be respected by any medical staff involved in their care. Ninth, an HIV patient has the right to timely notification of changes regarding billing. This also applies to changes in service fees (Wilder, 2000).
Tenth, an HIV patient has the right to an adequate amount of time allotted during medical visits for discussion and questions. Eleventh, an HIV patient has the right to assume that any medical staff involved in their care will take all necessary precautions. This can be used two ways: precaution against infection from HIV and precaution against infecting an HIV patient with other illnesses (Wilder, 2000).
Twelfth, an HIV patient has the right to make complaints or ask questions about their care. They also have the right to expect a quick response to such complaints or questions. Thirteenth, an HIV patient has the right to assume that any medical staff involved in their care will provide the best health care possible. If a referral to other medical facilities is necessary, such as a referral to other medical facilities is necessary, such as a referral to an oncologist to treat an opportunistic cancer, the patient has the right to be informed of the disadvantages, as well as other alternatives (Wilder, 2000).
Fourteenth, an HIV patient has the right to inquire about any third party relationships the medical facility has that could have an influence treatment. Fifteenth, an HIV patient has the right to informed alternatives to treatments if a current treatment fails to have an effect. This also applies to treatments that are still being discussed as a possibility (Wilder, 2000).
Sixteenth, an HIV patient has the right to expect assistance to help with any handicaps that cause barriers. This includes language, culture, physical, and communication. Finally, an HIV patient has the right to timely visits with medical staff. If a delay occurs, an HIV patient has the right to an explanation and apology (Wilder, 2000).
The HIV patient’s responsibilities are not quite as detailed as the Bill of Rights, but coincide. According to Wilder (2000), there are 10 main responsibilities an HIV patient has:
1) Provide medical staff with accurate information when possible. Also, an HIV patient is expected to understand what role they play in their own treatment.
2) An HIV patient must take care of financial obligations as soon as possible.
3) An HIV patient must be considerate of other patients and staff, and also respect facility property.
4) An HIV patient must understand that both medicine and humans have limitations, and are not perfect. There are always risks to consider and discuss with physicians.
5) An HIV patient must understand that the medical staff also has other patients under their care. They have to divide their time and services as equally and efficiently as possible.
6) An HIV patient must understand as much as possible about their health insurance plan.
7) An HIV patient has the responsibility to report suspicions of fraud or illegal activity to the proper authorities.
8) An HIV patient must keep all appointment. Whenever possible, an HIV patient must notify the medical staff if an appointment cannot be kept.
9) An HIV patient has the responsibility to notify medical staff immediately, if health conditions or medical care situations change.
III. HIPAA Privacy Rule
The HIPAA Privacy Rule, enacted on April 14, 2003, was designed to establish regulations regarding the use and disclosure of Protected Health Information (PHI). This includes health status, health care payments, or any provisions for health care. The Office for Civil Rights (OCR) is responsible for enforcement of the Privacy Rule, by issuing compliance activities or monetary penalty fees against violations. In simple terms, the Privacy Rule is meant to protect a patient’s medical history, in its entirety, including payment histories, from being disclosed by covered entities. According to the OCR (2003), covered entities are defined as health plans, health care clearinghouses, and any health care provider who uses an electronic means to transmit health information related to transactions.
Health plans are one group of covered entities. Health plans include health maintenance organizations (HMOs), Medicare, Medicaid, Medicare supplement issuers, Medicare + Choice, long-term care insurers, and health, dental, vision, and prescription drug insurers. Health plans also include government, church, and employer sponsored health plans, and multi-employer health plans (OCR, 2003).
Although they are few in number, there are exceptions in covered entities. Insurance companies that only provide automobile insurance, workers’ compensation, and casualty and property insurance are exceptions. In addition, group health plans with less than 50 members that is employer-administered and maintained is also an exception (OCR, 2003).
Health care providers, regardless of their size, are a covered entity if it uses electronic transaction transmission. These transactions include referral authorizations and claims. However, an electronic transmission has to be connected to a standard transaction. The Privacy Rule covers these providers even if they use an outside service to handle electronic transactions. Health care providers include all providers of services, such as hospitals, and all providers of any medical and health services, such as dentists, physicians, and optometrists (OCR, 2003).
Health acre clearinghouses are another group of covered entities. These groups process “nonstandard information they receive from another entity into a standard (i.e., standard format or data content), or vice versa” (OCR, 2003). Health care clearinghouses only receive specific health information that can be used to identify someone, when processing information to a health care provider or health plan as a business associate. Health care clearinghouses include health management information systems, billing services, and repricing companies (OCR, 2003).
The Privacy Rule protects all “individually identifiable health information,” called Protected Health Information (PHI). Identifiable information includes any data related to a patient’s physical or mental health, provisions of health care to the patient, and any payments made for health care provided to the patient. This information usually includes a patient’s social security number, address, name, age, and birthdate.