basically my understanding is that anyone in the "system" can potentially look up all your info. It's really that simple. I mean read between the lines people. you can't sue, and basically it's the honor system. If your records are digital and someone wants them, they can get them. that's now. in ten years, who knows. maybe insurance companies get a law passed where they get to "look up" all your records when you apply for insurance. that's all I'm saying.
[ QUOTE ]
Also, doctors are under NO obligation to report drug use of any kind to anyone except the patient. And, no, the government has no access to my patients' charts, nor does your insurance company, unless the patient specifically allows it.
[/ QUOTE ]
http://www.privacyrights.org/fs/fs8a-hipaa.htm
[ QUOTE ]
What are HIPAA's shortcomings?
Like it or not, you are not the only one with an interest in control of personal health information. The balancing act between your interests and those of other stakeholders is often tipped on the side of government, the medical profession, related businesses, and public interests. Consumer and patient advocates are critical of HIPAA for its numerous weaknesses.
Here are some of the ways that patients' rights to privacy come up short:
1. Your consent to the use of your medical information is not required if it is used or disclosed for treatment, payment, or health care operations (TPO). In many situations such as emergencies, this makes perfect sense. You don't expect the ambulance driver to get your permission to call the hospital emergency room when you are having a heart attack. On the other hand, since your consent is not required for payment, your health care provider could submit a claim to your insurance company - even for a procedure you wanted to keep private and intended to pay for yourself. In addition, treatment, payment, and health care operations have broad definitions that encompass many activities that most people are not familiar with.
2. Your past medical information may become available, even if you thought the information was long buried and would remain private. An event, treatment, or procedure from your distant past can be disclosed the same as information about current conditions. Of some comfort, old information is given the same protections under HIPAA as current information. In addition, HIPAA's "minimum necessary" rules applies to old as well as new records. This means that the amount of information disclosed should be limited to what is necessary to accomplish the purpose.
3. Your private health information can be used for marketing and may be disclosed without your authorization to pharmaceutical companies or businesses looking to recall, repair or replace a product or medication. (For more on the marketing of your medical information see Part 5 below.)
4. You have no right to sue under HIPAA for violations of your privacy. In other words, you do not have a "private right of action." Only the HHS or the U.S. Department of Justice has the authority to file an action for violations of the Privacy Rule. All you can do is complain to the one who violates your privacy or to the HHS. However, you may be able to sue under state law using the HIPAA Privacy Rule to establish the appropriate standard of care.
5. Business associates of a covered entity can receive protected health information (PHI) without a patient's knowledge or consent. Before entering into an agreement with a business associate, a covered entity must receive assurance that information will be handled appropriately, After that, handling of sensitive data by business associates is left only to an honor system. Even when the limitations of the Privacy Rule are applied, many people can still see your medical records when carrying out the business of the plan or provider. Business associates may include billing services, lawyers, accountants, data processors, software vendors, and more. Your doctor may, for example, disclose your health information to a business associate that processes medical bills. A written contract for this arrangement is required, but the doctor doesn't have to check to see that your information is being handled correctly. If there is a violation, the business associate is supposed to report it.
6. Law enforcement access to protected health information under HIPAA is a significant concern of privacy and civil liberties advocates. Some disclosures may be made to law enforcement without a warrant or court order.
[/ QUOTE ]
http://www.epic.org/privacy/medical/
http://www.consumerreports.org/cro/healt...rview/index.htm