Understanding HIIPA and Your Rights
HIPAA is a federal law that requires medical providers to protect individually identifiable health information. Like Indiana’s patient privacy laws, HIPAA states that hospitals, physicians, dentists, and others may not release protected health information except in limited circumstances. Although the law does not provide individuals with a private cause of action over alleged violations, an Indiana Court of Appeals recently upheld a jury’s decision holding an employer liable for a pharmacy worker’s negligent release of a patient’s protected healthcare information.
All healthcare providers in Indiana are required to maintain patient records in a confidential and private manner. Except in specific and limited circumstances, medical providers must obtain a patient’s consent prior to releasing his or her healthcare records. For example, a doctor may share patient information for treatment purposes, with an individual who is authorized to act on behalf of the patient, and for certain law enforcement purposes. Additionally, records related to Medicaid or CHIP eligibility may only be disclosed to the Office of Medicaid Policy and Planning.
If a medical provider negligently or intentionally discloses your private medical information, you may have a tort action (on a different basis) against the provider.