I was in a classroom a few days ago where a discussion regarding the distribution of health information to perceived family members or close friends was occurring. I was intrigued by the assumption of the participants.
It seems that most of the participants believe that if their family member or close friend is involved in a health crisis requiring critical care hospitalization, the family member or close friend simply needs to inform the nursing staff that they are available to visit the patient and help with any medical decisions that need to be made. Most of the participants were aware of confidentiality policies but thought that in the event of an emergency they would be allowed to participate.
While some organizations are stricter than others, most will enforce and follow the rules and regulations defined by the Health Insurance Portability and Accountability Act or risk severe consequences. Those that do not comply are subject to audits and fines. While the instructor informed the class of the laws protecting health information, one should know that there are also other agencies that provide protection against the distribution of personal information.
Disposal of important personal information must follow certain requirements, or security breaches such as the theft of intellectual property can occur. In addition, there is a growing list of regulations addressing information security, privacy and document retention that businesses must understand. Non-compliance can result in serious legal problems from violations of:
- FACTA [Fair and Accurate Credit Transactions Act]
New law requiring anyone retaining consumer information for business purposes to destroy the personal information before discarding it.
- GLBA [The Gramm-Leach-Bliley Act]
Requires banking and financial institutions across the United States to describe how they will protect the confidentiality and security of consumer information.
- HIPAA [Health Insurance Portability and Accountability Act]
Requires healthcare providers and hospitals to protect patients' privacy and to ensure the security of patient/client health data.
These laws affect virtually all businesses. A business is held responsible for protecting information if:
- One or more people are employed
- A business keeps personal information on file for customers or employees
- A business accepts credit cards for payment
- A business buys or sells products on the Internet
- A business performs a credit check on an employee or potential customer
As a consumer, you should be aware of these agencies that provide protection not only of your medical information but also of your financial information.
Let me know what you think.