After a visit to the doctor, I was told I could not see my medical records because I had not yet paid for my appointment. I felt uneasy being denied access to information about my body and health, but I decided to brush it off and follow the orders of my doctor. Healthcare providers exist to make sure I live a longer and healthier life, so they should always work in my best interest, right? I was wrong. Back then, I was unaware of my rights under the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Not knowing what I was entitled to, I was taken advantage of.
What even is HIPAA? HIPAA was enacted to provide health insurance coverage for those who change or lose their jobs and to secure the privacy of health records. HIPAA’s passing was especially important because of the shift from paper to digital records of people’s medical history. Just from reading the tabloids, you can see how easy it is to hack into a personal smartphone or computer and steal people’s photos. Just imagine how urgent it was to implement a system to keep individuals’ digital medical records under lock and key. Not only would it be embarrassing to have your every conversation with the doctor floating around on the Internet, but also potentially dangerous.
While I knew that HIPAA was designed to protect some of the most intimate details of my life, it didn’t make sense that my doctor was protecting my records from me. So I dug a little deeper and learned that HIPAA requires health insurers and providers to comply with any citizen’s right to see their medical records and control who else has access to those records.
I also learned that once you submit a request for medical records, the hospital is required to respond within 30 days. This applies even when you have not yet paid your hospital bills. Healthcare providers are only allowed to charge a fee only for the labor for copying the medical record, the supplies for creating the paper or digital copy, and postage for mailing health records.
There exist only a few kinds of records providers can withhold, including psychotherapy notes and information that could reasonably endanger your or someone else’s safety. If your provider denies your request for access to certain records, you can always ask another provider to review your situation. He or she will determine if you can access your health information.
Through my research, I learned a lot about my rights to access my own medical records. The most frustrating of my findings is that not all individuals and organizations are considered to be “HIPAA-covered entities.” According to the Centers for Medicare & Medicaid Services website, HIPAA-covered entities can be categorized as health plans, clearinghouses, and healthcare providers.
Other institutions, such as elementary schools and the American Red Cross, are not required to comply with HIPAA. So make sure to check with your healthcare provider if they are a HIPAA-covered entity. That way you know you will always have access to your medical records. If you believe your HIPAA rights are not being protected, you can file a complaint with your provider or with the Department of Health and Human Services.