The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of your health information. But it also protects your rights to continue your health insurance as you or a spouse moves from job to job, and limits exclusions for preexisting conditions. HIPAA guarantees that a group health plan cannot exclude coverage of a person’s preexisting condition for more than 12 to 18 months after their enrollment date.
So how does the new program created by Mayo Clinic and Microsoft that provides a free Web site that will let people store personal health and medical information affect HIPAA protections?.
I have written before on what people should know about HIPAA: How Much Do You Know About HIPAA?
HealthVault is working with doctors, hospitals, employers, pharmacies, insurance providers and manufacturers of health devices – blood pressure monitors, heart rate monitors and more – to make it easy for you to add information electronically to your HealthVault record.
The Associated Press reports in a story written by Jessica Mintz that:
The sites, from companies such as Microsoft and Google Inc. and major health insurers, are meant to give people an easy way to stash medical information and transfer it to a new clinic, hospital or specialist. But those providers aren’t necessarily ready for such an electronic revolution, which for now means it takes some work on the patient’s part to set up and maintain the records.
Anyone can sign up for an account, not just Mayo Clinic patients. Users can give access to different slices of their health information to doctors and family members as the need arises. Therein lies the rub. Does the patient lose their right privacy guaranteed under HIPAA if they use this service? Can an insurance company then gain access to the patients private health information? Has the patient opened the proverbial door?
Here is how it works:
The site prompts people to get started by answering questions about their family medical history and current and past health problems, allergies and medications. Based on that information plus age, gender and other factors, the site recommends additional tasks — scheduling a mammogram, for instance — and articles for further reading.
Given the serious consequences of violating HIPAA, and the history of the insurance industry passing around medical information obtained in the claims process and from insurance policy applications, it is surprising to me that not a single mention of HIPAA is contained in the Mayo Clinic website on this program. The AP story points to warnings by consumer advocates about just this problem:
Privacy advocates urge people who want to set up a personal health record on line to read the fine print. Deven McGraw, director of the health privacy project at the Washington-based Center for Democracy and Technology, said sites like the Mayo Clinic Health Manager aren’t currently covered by national laws that specify cases in which health care systems can access and share information without patients’ consent
Dr. Sidna Tulledge-Scheitel from Mayo Clinic, points to patient management of chronic conditions such as diabetes, high cholesterol and high blood pressure at home. Tulledge-Scheitel said that without a system like Health Manager, she has to hope a refrigerator magnet suffices to remind asthma patients to regularly perform some self-diagnostic exams. The site would remind them to do it monthly. In a lone mention of privacy, the AP story points out that "the system doesn’t send e-mail reminders for privacy reasons, so the patient has to be in the habit of logging on to the site frequently."
Some believe that electronic medical records are more cost-effective than paper files and will lessen medical errors. The economic stimulus package this year included incentives for doctors and hospitals to adopt electronic health records.
Do you think a future health care system where sites like Mayo Clinic Health Manager would connect to pharmacies, hospitals and doctors’ offices is a desirable system?. Not surprisingly Microsoft’s HealthVault system can connect to some pharmacies, insurance companies and providers, but most doctors have not invested in an electronic medical record system. For patients, that means typing the results of surgeries, lab tests and other information into the Health Manager themselves.
What price privacy? What protections are there for the individual? How would an individual know if the insurance company used the information for the wrong purpose. Just remember that AIG is an insurance company being investigated by Congress as well as a major player in financial misconduct on Wall Street.
See my article on AIG denying valid claims: AIG In Another Scandal Over Denying Health Care Claims For American Workers Injured In Afghanistan and Iraq
Here is the basic list of protections of HIPAA that everyone should know from the U.S. Department of Labor. HIPAA protects workers and their families by:
Limiting exclusions for preexisting medical conditions (known as preexisting conditions)
Providing credit against maximum preexisting condition exclusion periods for prior health coverage and a process for providing certificates showing periods of prior coverage to a new group health plan or health insurance issuer
Providing new rights that allow individuals to enroll for health coverage when they lose other health coverage, get married or add a new dependent
Prohibiting discrimination in enrollment and in premiums charged to employees and their dependents based on health status-related factors
Guaranteeing availability of health insurance coverage for small employers and renewability of health insurance coverage for both small and large employers
Preserving the states’ role in regulating health insurance, including the states’ authority to provide greater protections than those available under federal law
A resident of Honolulu, Hawaii, Wayne Parson is an Injury Attorney that has dedicate his life to improving the delivery of justice to the people of his community and throughout the United States. He is driven to make sure that the wrongful, careless or negligent behavior that caused his clients' injury or loss does not happen to others.