HMO Notice of Privacy Practices and HIPAA
I have been requested by my HMO to sign their Notice of Privacy Practices (NPP). I have not yet signed it. After reading what HIPAA is, I'm not sure I should. Are HMO's entitled to reduce the specificity of HIPAA? For example, under Judicial and Administrative Proceeding, they state: "We may disclose your health information in the course of any administrative or judicial proceeding." By saying "any" they reduce the effort they must take to protect my privacy because there is no specific person with a specific title, license and level of authority they have to verify before release. There are many more unclear interpretations made in this NPP as well.
You bring up some interesting points. HIPAA covered entities are required to meet certain requirements in their Notice of Privacy Practices. Unfortunately, there has been a lot of misguided interpretation. Just because your HMO has a documented NPP doesn't mean that it completely adheres to the HIPAA Privacy Rule requirements or properly address any civil rights you may have. I'm not a lawyer so I'm not qualified to answer this. I think this is ultimately an area that you (and your lawyer) will have to address based on what you feel comfortable with.
For more info on this topic, check out these SearchSecurity.com resources:
Best Web Links: Health Care/Health Services
On-demand webcast: HIPAA: Where are we and where are we going?
This was first published in July 2003