Fact Sheet 8: Medical Records Privacy
Posting this just in case anyone isn’t aware of how many people/organizations may have access to your “private” medical records. I had no idea myself until I read it. There is a lot of stuff NOT covered by HIPAA.
Many people consider information about their health to be highly sensitive, deserving of the strongest protection under the law. Long-standing laws in many states and the age-old tradition of doctor-patient privilege have been the mainstay of privacy protection for decades.
The federal Health Insurance Portability and Accountability Act (HIPAA) sets a national standard for privacy of health information. It was implemented in 2003. But HIPAA only applies to medical records maintained by health care providers, health plans, and health clearinghouses - and only if the facility maintains and transmits records in electronic form. A great deal of health-related information exists outside of health care facilities and the files of health plans, and thus beyond the reach of HIPAA. (PRC Fact Sheet 8a: HIPAA Basics)
The extent of privacy protection given to your medical information often depends on where the records are located and the purpose for which the information was compiled. The laws that cover privacy of medical information vary by situation. And, confidentiality is likely to be lost in return for insurance coverage, an employment opportunity, your application for a government benefit, or an investigation of health and safety at your work site. In short, you may have a false sense of security.This guide provides information on medical records not covered by the HIPAA Privacy Rule.