In the last several years, HIPAA has become an acronym patients hear at every doctor’s office. They are asked to sign forms, give consent, and are handed copies of papers full of medical legalese that they will just throw away. While most sign and ask few questions, many do not understand what HIPAA is and the protections this set of laws provide them.
The HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule was created for two main reasons: to protect personal health information, and to enable the transfer of protected information to improve patient care. Patients everywhere grumble about having to sign papers and often express frustration with the government’s role in health care. What people don’t realize is that at its core, HIPAA was created to help patients. It not only protects their personal information, but it also allows their doctors to share information. It is hard to argue with doctors working together to provide better patient care and with safeguards that protect our private health information. Patients need to be educated in the ways that HIPAA and its tenets help them. If doctors don’t take steps to help their patients understand why and what they are signing, then the negative stigma around HIPAA will never fade.
There are several important things that providers need to make their patients aware of:
- How the practice will use their records. Be as specific as possible about who you will share with without their consent and who you will share with after obtaining written consent.
- If the appropriate written consents are signed, then information may be shared with any caregivers or family members the patient chooses.
- The step-by-step process for obtaining their records from your practice. Include time estimation and possible charges.
- How your office and providers may communicate with them. Explain that they have options for the best form of communication for them.
- Who is bound by HIPAA and who is not. Patients need to understand that third-party “storage” for medical records, such as phone apps, are not always restricted from sharing your records. Express caution about using these prior to extensive research by the patient. Also, reassure that your vendors and EMR are protecting their information as well.
- The system for correcting an error in their chart. The patient should understand that they may request correction of an error, and at the very least the request will be noted in the chart.
- How and what types of marketing you may do. This should include how you may contact them.
- How a patient can file a complaint about any covered entity. Many patients do not understand that it is up to them to generate complaints and that HIPAA is not “policed” by any entity.
Going above and beyond the recommended or required practices to provide your patients with information about HIPAA in your practice can only help to improve your relationship with patients. Don’t just hand them the forms and say “this is the same thing you sign everywhere.” There are several ways to communicate this. Take a moment to provide them with a handout outlining what your practice is doing to protect them and how you implement HIPAA practices. Use in-office technology like a TV in the waiting room to show the same thing. Or you can take a moment and verbally explain a few keys points of HIPAA while they sign. Using clear and easy-to-understand language is imperative. Avoid “medicalese” and keep it short. Be open to answering questions and explaining any confusing points.
Patients appreciate being treated like they are cared about and listened to. Taking the time to educate them on how your practice is taking care of their personal health information will be appreciated. It will also save you time by answering questions that could arise later or cause problems. Also, it may avoid any misunderstandings between the office and the patient. Everyone appreciates transparency. Being honest and up front about how your practice implements HIPAA government mandates will put your patients at ease and improve the patient-provider relationship.