Unintended – and unwelcome – consequences of HIPAA? Isaac Wolf reports:
Medical providers say that federal law hamstrings ID theft victims from seeing files created in their name: That’s because medical records created about all patients — including identity thieves who use your name – are covered by privacy rules in the Health Insurance Portability and Accountability Act (HIPAA), according to Lawrence Hughes, assistant general counsel for the American Hospital Association.
“You must protect all persons’ information — whether it is a real patient or a patient that has committed a case of identity theft,” Hughes said.
For America’s victims of medical ID theft, there is no system to identify and correct the damage left by an impostor. In fact, a Scripps Howard News Service investigation finds:
— Medical providers are refusing to give ID theft victims access to records, invoking the privacy rights of the thieves, according to victims, experts and hospital officials. The only way for this to change is for federal authorities to create explicit rules to help medical ID theft victims, some say.
Read more on ScrippsNews.
Yes, it seems clear that this may require a legislative patch or fix, although I have to think about whether the law is actually being interpreted correctly. HIPAA says that patients have access to their records, right? If there’s erroneous information in your records due to medical ID theft, okay, but those are still your records. They have your name on them, right?
Send in the lawyers…