It's mind boggling because I highly doubt it's actually true. I'm not sure where the OP is getting that info. Patients can't waive away HIPAA privacy/security rights.
I think the OP is assuming that when healthcare institutions partner with third parties, those third parties are not required to uphold HIPAA. If that's his/her belief, it's 100% false. Third parties associating with healthcare institutions have to sign business associate agreements (BAAs) that require them to uphold the same standard of privacy/security regarding patient data as the first party healthcare institution. There are severe financial penalties for violating HIPAA, and every healthcare institution I've been a part of takes this extremely seriously.
Before I start, I'm not singling you out - I am happy that you're participating in this discussion and sharing your firsthand knowledge.
The thing for me is that if HIPAA truly does provide me privacy of my personal information and health care information, why are all of these privacy and consent forms required?
Whenever I am handed a form that says "privacy policy" my sense is immediately raised - what is it that they're trying to hide from me through mountains of legalese? When I don't receive one (as was the case in my doctor's visit) then I am REALLY on edge.
For example, with my health care visit, this thread prompted me to call the listed numbers on the website for the health care provider to discuss their privacy policy. The provider's number dumps you into an IVR that has zero way to reach a human - you must dial an extension, and there is no option for an operator. I ended up calling their headquarters to get a callback from a human.
If there are standard mechanisms and policies in place, then we should be able to understand the rules once and never have to sign another form again, because the rules would be clear, unambiguous, and applicable to every health care interaction. If the rules are clear about not waiving HIPAA privacy/security rights, then why have a privacy policy that's three pages of inscrutable legalese that gives a bunch of weasel room for them to "share" information?
sxg|1 year ago
ipython|1 year ago