AT THE DOCTOR'S OFFICE

Testing Can Be Hazardous to Your Health Insurance

The Annoyance:

I'm thinking about getting tested for HIV. But I'm reluctant to go to my regular doctor, because I'm afraid my insurance coverage could be cancelled if the test is positive. Do I need to worry?

The Fix:

You might. The test results will become part of your medical record, which can be shared with a wide range of entities under the Health Insurance Portability and Accountability Act of 1996 (see "Getting Hip to HIPAA"). If you pay for the doctor visit using private health insurance, that information is almost certainly going to end up in medical databases and follow you the rest of your life. The very fact that you had the test, even if it turned out negative, may be a flag to some insurers that you are high risk.

One option is to be tested anonymously at a local free clinic. Such services don't collect personally identifiable information when they collect your blood sample, so you'll be able to get the results without creating a traceable record of them. You'll find a nationwide directory of clinics at the Free Clinic Foundation of America's site (http://www.freeclinic.net) and HIV testing centers at http://www.hivtest.org.

Anonymous testing is available in 40 states and the District of Columbia. The remaining ten allow only "confidential" testing, where the results can be shared with other health professionals and state health agencies. States that only allow confidential tests include Alabama, the Carolinas, the Dakotas, Idaho, Iowa, Mississippi, Nevada, and Tennessee. All ten require doctors to report your test results and your name to state health authorities. For more information on the reporting requirements for each state, visit the Henry J. Kaiser Family Foundation's State Health Facts web site (http://www.statehealthfacts.org).

Another option is to find a so-called "country doctor." This is a movement of physicians who've declined to become "covered entities" under HIPAA by not transmitting protected health information electronically. (Country doctors can still keep records on computer; they simply can't transmit them.) By definition, such physicians don't accept insurance or Medicare payments, so all medical expenses will come out of your pocket. (However, such doctors are still subject to state reporting rules and disclosures to law enforcement.) Depending on the laws of your state, using a country doctor may mean giving up some of HIPAA's benefits, such as getting copies of your medical records. At press time, the Association of American Physicians and Surgeons was attempting to create a directory of such doctors. Check their web site (http://www.aapsonline.org) for updates.

Waiting for lab test results in the mail, but afraid your spouse or your parents will get to them before you do? Under HIPAA you can specify alternate means for your health care professional to contact you, such as a different postal or email address. (Make sure they agree to use encryption before you allow the latter.)


GETTING HIP TO HIPAA

Unlike most areas of American society, your medical records are protected by Federal law. But whether they're well protected is a matter of debate. The Health Insurance Portability and Accountability Act (HIPAA) took effect in April 2003 and applies a complex series of guidelines to any organization that handles sensitive health information, such as your doctor, your insurance company, and any data clearinghouses they use.

For consumers, HIPAA has three main benefits:

  • Access. You have the right to see, copy, and correct your own medical records, with a few limited exceptions. However, you may have to pay for copies and other administrative expenses.

  • Confidentiality. Healthcare providers and insurers must keep your information private. Employers can't access your medical history unless they administer an employee health plan, in which case this information is restricted to certain individuals in the organization (see Chapter 4, "Medical Records May Be Hazardous to Your Job"). Law enforcement agencies must obtain a valid court order to see your records.

  • Security. Organizations that handle health data must take steps to protect your information and keep it safe from inadvertent disclosure or illegal access.

That's the good news. The bad news is that HIPAA contains many loopholes and exceptions, the law is loosely enforced, and the legislation has been a source of great confusion to patients and medical personnel alike.

One exception allows doctors' offices to share your information with third parties so they can market "alternative treatments" to you. Financial institutions and law enforcement agencies are not covered under HIPAA, so if you pay for a nose job using a credit card or the Feds bust your doctor for illegal drug sales, that information isn't protected.

Worse, many organizations have found it difficult to implement HIPAA rules, or may be breaking them without being aware of it. In a survey published in Summer 2004, healthcare consultants Phoenix Health Systems reports that 4 out of 10 health care organizations say they're not fully compliant with all HIPAA regulations, more than a year after they went into effect. One out of five admit they're not yet following HIPAA privacy guidelines.

Zix Corp., a Dallas-based maker of email security systems for health care providers, reports that more than half of the top health care organizations are violating HIPAA rules every day. A Spring 2003 audit of 4.4 million electronic messages from 7500 health care organizations found that 53 of the top 100 healthcare providers transmitted sensitive medical information using unencrypted email, which could be intercepted en route or read by anyone with access to the recipient's computer. More than a third of top insurers also used unencrypted email. In most cases, says Zix, these companies are probably unaware their employees aren't following good email security practices.

Theoretically, breaking HIPAA rules carries stiff penalties. Violators can be fined $100 per incident up to a maximum of $25,000 per year. If the violation involves fraud or commercial gain, regulators can impose criminal penalties from 1 to 10 years in prison and fines from $50,000 to $250,000. But despite more than 5,000 consumer complaints alleging HIPAA violations, as of April 2004 not a single entity had been penalized, according to Georgetown University's Health Privacy Project. The U.S. Department of Health and Human Services' Office of Civil Rights, which oversees HIPAA compliance, takes a more educational approach to the law, trying to ensure health care professionals are aware of the rules and try to abide by them. (Got a HIPAA beef with your doctor? See "Report Privacy Gaffes.")

Most privacy advocates feel HIPAA offers weak protections at best. Depending on where you live, state laws may offer stronger privacy rules than HIPAA. For a summary of state medical privacy statutes and links to more information, visit the Health Privacy Project web site (http://www.healthprivacy.org) and click the State Law button.


Keep Your Hospital Stay Private

The Annoyance:

I'm going in for some elective surgery of an extremely personal nature, and I don't want my gossipy coworkers or friends to know about it. How can I protect myself?

The Fix:

First, tell the hospital or other care facility to take your name out of their patient directory. Some facilities may ask for your permission before they list you, but they're not required to, so anyone who knows your name can walk up and inquire about what room you're in and your general condition, though not the type of treatment you're receiving. If you've checked into the oncology wing or the maternity ward, however, they can get a pretty good idea of why you're there.

According to HIPAA rules, upon admittance you should be given a form where you can specify the types of medical information you're willing to share and with whom. Even so, your control over this information is ultimately quite limited. Privacy advocate Robert Gellman estimates that if you get treatment at a hospital and pay for at least part of the treatment using an insurance plan, anywhere from 1,000 to 10,000 people (from hospital staff to insurance company administrators to university researchers) could have access to it. Many of them are not covered under HIPAA.

But there's a downside to keeping your hospital stay under wraps, notes April Robertson, corporate compliance officer for ChartOne, a medical records management firm in San Jose.

"You won't get flowers, get well cards, or phone calls, and if your old auntie shows up in the lobby during visiting hours, she won't get to see you," she says. Robertson suggests you ask the hospital if they'll let you choose a password that you can share with your family, so you can choose who gets to visit while you convalesce.

Bottom line? If you don't want anyone to visit or call, don't tell anyone you're going to be in the hospital. If you think someone is looking for you and likely to do you harm, warn the hospital (preferably when you schedule the procedure, not at the time of registration) and they will take appropriate measures. If you really want privacy, don't use insurance and pay the bill out of pocket.

Medical Marketing Migraines

The Annoyance:

A few weeks ago I got a prescription filled for medicine to treat a chronic condition. Now I've started to get solicitations in the mail for similar medicines. Who sold my name to these guys, and what can I do to stop them?

The Fix:

This is one of those lovely little loopholes in HIPAA. Your doctor or pharmacy can share your information with marketers under the guise of providing information about "alternative treatments." For example, your drug store may contact you at the behest of a pharmaceutical company to see if it can persuade you to switch brands of anti-depressant.

You can opt out of receiving future marketing dreck, but only after you've received the first one. Worse, you'll have to opt out separately for each healthcare provider that sells your information and for each member of your family who is contacted. The law specifies no standard opt-out method, so the procedure for getting your name off a marketer's list will vary.

You might attempt a pre-emptive strike by telling your doctor or pharmacist to not share your contact information with anyone. The Association of American Physicians and Surgeons has developed a model nondisclosure form you can give to your doctor, dentist, or other medical professional that demands they not release your personal health information to third parties. (You can find it at http://www.aapsonline.org/confiden/patientadvisory.htm.) If the marketing is allowed under HIPAA guidelines, your physician isn't forced to comply or even acknowledge your request. But if she doesn't honor your requests, you probably don't want her as your doctor.

While you're in a hospital bed zonked out on meds, your medical chart is available to anyone who wanders by. The Health Privacy Project advises patients to discuss concerns about confidentiality with health professionals prior to treatment. Ask your doctor to keep treatment notes and other sensitive material separate from your medical chart, to limit access by strangers.


PRIVACY IN PERIL: DRUG STORE COWBOYS

Have you gotten a letter or a call from your pharmacy offering helpful advice concerning prescription drugs or even samples of the drugs themselves? Your drug store may be selling you out to Big Pharmaceutical, and breaking the law in the process.

In 2002, at least 300 South Florida residents received unsolicited letters from Walgreens with samples of Prozac inside, part of a promotional campaign instigated by local sales reps of Eli Lilly, makers of the popular anti-depressant.

Meanwhile in California, the Privacy Rights Clearinghouse is suing Albertsons' pharmacy (which includes the Save-On, Acme, and Osco chains) for allegedly contacting its customers on behalf of pharmaceutical companies. The PRC alleges Albertsons was paid up to $4.50 per letter and $15 per call by Big Pharma companies to get customers to switch to more expensive drugs. If true, that may violate a California law requiring companies to obtain customers' consent before using personal health information for marketing purposes. If you've received such a letter, contact the Clearinghouse at http://www.privacyrights.org/ar/PharmacyAlert.htm.


MEDS IN BLACK: MEET THE MIB

Do you have high blood pressure? Have you been treated for depression? Do you have a dangerous hobby such as skydiving or smoking? If so, you're probably on file at the Medical Information Bureau. The MIB is a kind of credit bureau for your body, used by more than 600 insurance companies to keep tabs on 15 million individuals and make sure they don't misstate their medical histories in order to qualify for insurance or lower premiums. And like a credit bureau, it has to follow the guidelines set down by the Fair Credit Reporting Act, which means you can obtain a copy of your file and demand they correct any inaccuracies. This is especially important if you've been turned down for insurance because of information in your MIB file. To request a free annual report, call the automated voice line at (866) 692-6901 or write to MIB at this address:

You'll have to provide your name, Social Security Number, date of birth, birthplace, occupation, home address, and phone number. MIB says it will process your request within 15 days, if they have a record for you on file. For more information, see the MIB web site at http://www.mib.com/html/request_your_record.html or send email to infoline@mib.com.


Report Privacy Gaffes

The Annoyance:

I've recently changed doctors. My old doctor's office tried to fax my treatment records to my new physician, but they goofed and sent my entire medical history to some stranger's fax machine.

The Fix:

Technically, that office has violated HIPAA's guidelines for data security. Fax machines are notoriously insecure devices; even when the documents arrive at the correct number, anyone can come by and have a look at what's being printed out. But your doctor's office needs to exercise more caution in how they handle your records.

If you believe your physician's office has violated the HIPAA Privacy Rule, you can report them to the Department of Health and Human Services' Office of Civil Rights by mail, fax, or email. You'll need to fill out a form detailing how the doctor violated your privacy, along with supporting materials and your full contact information. (For forms and detailed instructions, see http://www.hhs.gov/ocr/privacyhowtofile.htm.) The offending medical practice can be fined $100 per incident, but the odds of that happening are slim. More likely they'll get a letter warning them to clean up their act.

A better solution would be to request a copy of your medical records from your old doctor; you're legally entitled to it under HIPAA regulations. Then bring a copy to your new physician and keep one at home for your own records.

Confused by the privacy disclosure forms your doctor asks you to sign? Join the club. An April 2003 study of HIPAA notices, sponsored by the Privacy Rights Clearinghouse, found that most were confusing and way too complicated, clearly not written using the plain language required by the law. Fortunately, you don't have to stay in the dark. Every health care provider is required to have a HIPAA privacy officer on hand who can answer questions and handle complaints. So if you don't understand something, ask to speak to your doc's privacy officer.


Be Careful What You Tell Your Doctor

The Annoyance:

Some of my personal habits aren't exactly mainstream or strictly legal. But they do impact my health and I'd like to talk to my doctor about them. Am I protected by rules of doctor/patient confidentiality?

The Fix:

Not necessarily. What you tell your doctor isn't as private as you might think. Confidentiality laws vary widely by state, and in many cases physicians are compelled to report certain conditions. For example, doctors may be required by law to report certain communicable diseases such as smallpox or tuberculosis to public health officials. Gunshot or knife wounds and suspected cases of child abuse must be reported to the proper authorities. Six states require doctors to notify their state department of transportation when patients have a condition such as epilepsy that could keep them from driving safely. In August 2004, a Pennsylvania man lost his driver's license after he told his doctor he drank a six pack of beer each night. A court subsequently ruled his license could be reinstated, but only after he installed an auto ignition system that contained a blood alcohol analyzer.

The Bush Administration's Department of Justice has asserted there is no such thing as doctor/patient confidentiality. Last year the DOJ sought the medical records of women who had undergone late-term abortions in California, Illinois, Michigan, New York, and Pennsylvania, claiming that it required these records to defend the late-term abortion ban passed by Congress but overturned by the courts. After being spurned by judges in nearly every state, the DOJ ultimately dropped its demands.

Despite that victory, doctor/patient privacy is hardly assured. Even privacy-conscious doctors may voluntarily disclose information if they believe the health of the patient or of other parties is at stake. And HIPAA puts no more restrictions on doctor confidentiality than existing laws, says privacy consultant Robert Gellman.

"Anything you tell your doctor can be given to the police, city or state health departments, national security agencies, researchers, or dozens of other institutions," he says. "When you talk to your doctor, you must make a tradeoff between protecting your privacy and getting the most effective health care."

Want to protect your medical privacy? Don't fill out surveys that ask questions about your physical ailments or what medicines you buy. Many people casually spill the beans about their health conditions outside their doctors' offices, says privacy advocate Robert Gellman. That information isn't protected by any laws, and will be sold and resold by marketers. Be careful what you buy using a grocery store loyalty card. As Gellman likes to say, don't buy Preparation H with your frequent shopper card unless you want the world to know about it.




    Computer Privacy Annoyances
    ISBN: 596007752
    EAN: N/A
    Year: 2005
    Pages: 89
