
HIPAA 101: How Healthcare Data Security Impacts Patients

If you’ve been in to see a physician in the last 20 years or so—and we certainly hope that you have—you’ve most likely had to sign a HIPAA disclosure form. Congress passed the Health Insurance Portability and Accountability Act, commonly known as HIPAA, back in 1996. One of its provisions is to drastically restrict your doctor’s ability to share your personal health info with other people. While your family doctor used to be able to update your wife on the results of your health exam, HIPAA laws now prevent this from happening—unless you give explicit permission.

Interestingly, HIPAA is not a “set in stone” act—in fact, over the past two decades, it has continually evolved as technology and other factors have changed the way it works. Here are some of the most important changes:

More Rights for You, the Patient

As of 2003, you now have the right to ask how your medical records will be used, as well as to request copies of your tests and charts and ask for corrections if you believe that something is wrong. As the U.S. Department of Health and Human Services notes, those updates tried to balance the need to keep patients’ personal information confidential with the need to protect public health. For example, if an individual was diagnosed with a rare and highly contagious disease, it would be in the public interest to disclose at least some of the patient’s data to keep the general population safe.

Data Breaches, BYOD Policies, and More

2013 changes took into account many advances in technology. Three new safeguards were put in place to protect the security of all of your electronically stored and transmitted records. These new rules were especially important for healthcare providers with a “BYOD” policy where workers were able to use their own personal electronic devices at and for work. The HIPAA rules for 2013 also included an updated definition of what a “data breach” means and what constitutes an “unauthorized exposure” of electronic patient health information.

How HIPAA Has Changed in 2017

The Office of Civil Rights (OCR), the entity in charge of enforcing HIPAA, has been keeping a sharp eye on the patient privacy act and the healthcare information technology sector, and doing everything it can to make sure your personal health info stays private. The OCR is now in the second phase of its HIPAA audit program, and has been identifying candidates for an audit, which will ensure that healthcare providers are following the rules. The OCR has also been looking at additional angles of medical privacy that didn’t exist when HIPAA went into effect more than 20 years ago. OCR will spend a great deal of time looking into cybersecurity risks and providing rules for cybersecurity management at healthcare facilities. In addition, OCR is keeping close tabs on cloud computing, and has declared that cloud services providers are technically business associates for the purposes of HIPAA, and therefore must sign a HIPAA-compliant business associate agreement.


Armin Brott

Armin Brott is the proud father of three, a former U.S. Marine, a best-selling author, radio host, speaker, and one of the country’s leading experts on fatherhood. He writes frequently about fatherhood, families, and men's health. Read more about Armin or visit his website, mrdad.com. You can also connect via social media: Facebook, Twitter, Pinterest,  and Linkedin.
