The Filutowski Law Firm, PLLC

With the green movement fully underway and technology continually evolving each month, health care providers are systematically changing how they create, maintain and store patient information by going paperless.   With any transition or upgrade in technology, comes ease, efficiency and some glitches.  Fortunately, federal law was passed that further protects patient privacy in offices that are upgrading technology to improve efficiency and quality of patient care.

Patient Privacy

As a patient, any  information you share with your health care provider, from the in-take/information sheet completed in the waiting room to your conversation with your doctor in the exam room, is protected by federal law: Health Insurance Portability Accountability Act (“HIPAA”).

With few exceptions, no one can access this information without first obtaining a signed HIPAA release from you.  For example, for an attorney or insurance company representative to obtain this information, they must have a valid HIPAA release signed by you on file.  A HIPAA release expires 90 days from the date of signature.  The release grants permission for the requesting party to obtain your medical records and bills and all peripheral confidential information.  This confidential information commonly includes your social security number, HIV/AIDs information, mental health history, sexual orientation, etc.

Exceptions:  confidential patient information may be shared without a HIPAA release when used for purposes of:

• Referrals
• Billing your personal injury protection insurance or health insurance company
• Labor & Industries (on-the-job)  injury claims
• Public health researchers need aggregate information for studies

Electronic Record-Keeping

As health care providers make their offices paperless, there is a risk that patient confidentiality may be breached.   If so, under the newly enacted Health Information Technology for Economic and Clinical Health (HITECH) Act, part of American Recovery and Reinvestment Act of 2009 (ARRA), the health care practitioner must report such breach to the U.S. Department of Health and Human Services.

HITECH only applies to health care providers, not third parties who have permission to access patient information.  Such safeguards increase patients’ trust in health care providers keeping their information secure as medical chart notes, reports and bills are created, transferred and stored electronically.

Electronically storing medical information:

Those with a Gmail account can organize, store, request, receive and share their medical records with health care providers.  Discussion of privacy implications can be found here.