‘Good morning Mr. John! How’s your diabetes level now! Have you got it checked properly before your birthday on last week? We are offering a 20% discount on our all products at our lab ABC patho systems. Come to us; get a proper check up and save your hard earned bugs.’ Yes, this was the call I received from a pathology lab on last Monday morning. I was shocked to receive that promotional call. How could these guys come to know that I am a diabetic and where have they got my contact number? How have they gathered my personal data! I was shocked. I was astonished with no clues. Well! The same thing might happen to you. You also might have received some advertisements like this, either on your telephone or on your e-mail. If you have faced this type of situation then you might be a victim of data theft which generally happens to unsecure systems of record keepings. Usually we try to avoid those practices asking for our personal details, security numbers, citizenship codes etc. But when it comes to our health, we simply do not compromise because we want the best services available. In due desire and complying with the rules of record keeping we reveal all the details which are being put forward by the record keeper in our physician’s office. Without caring for the sensitivity of the personal data, we search for the best services towards our health problems. The privacy related to this type of personal data is a big concern even in the age of electronic medical records.
The confidentiality of data when it comes to the electronic medical records is always given priority. This is because in a hospital or clinic most of the staff members have access to such type of data and they come across them by a part or whole. Along with that other service providers and related vendors who come across that data may reach the level of about 5000 per patient roughly. In such a situation the confidentiality of data like the electronic medical records of the patient covering medical as well as payment records is obviously a matter of priority. In US this type of data is called Protected Health Information or simply PHI. The proper management of PHI comes under various local medical and personal confidentiality laws. In US this is governed mostly by the HIPAA or the Health Insurance Portability and Accountability Act. This law was enacted in 1996 by the US Congress. The Privacy Rule under HIPAA or Health Insurance Portability and Accountability Act came into force on 14th April, 2003.
This privacy rule under HIPAA regulates the use and disclosure of Protected Health Information or Electronic Protected Health Information (EPHI). The privacy rule says that the PHI or the EPHI of the concerned individual should be disclosed to him upon request within a period of 30 days. This rule also states that whenever the concerned entity or the record keeping organization needs to disclose PHI it should try to disclose only the minimum required information to achieve the purpose, not even a fraction more than that. This privacy rule also gives the confidentiality of communication to the individual. The individual can ask the concerned entity to contact him as per his choice regarding his electronic medical records or any part of his PHI. The concerned entity should comply with this rule of confidentiality of communication. The privacy rule also makes it mandatory to take the proper authorization from the individual to use his electronic medical records.
So, next time whenever you go to your physician or any pathology lab, this little guidance as per HIPAA may help you a lot.
