As humans we all have rights to privacy and restriction of information as long as they are not information that can be used to stop imminent dangers to another individual or the public at large. The same way we all have rights to determine who knows what about us, are the same way patients have the rights to determine who knows what about their health. Poor handling of health information may cause more harm than good to the patient. For instance, poor handling of a patient’s physical health information can be used by another individual to inflict some emotional and psychological pains on the individual. This is why the Health Insurance Portability and Accountability Act (HIPAA) and the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules give a patient being treated in a facility operated by a Covered Entity (CE) certain rights to make certain restrictions on their Protected Health Information (PHI).
Patients have the right to ask that as a CE you restrict certain:
Uses and disclosures of their PHI for treatment, payment, and health care operations and disclosures to any person who is involved in the patient’s health care or payment for health care services.
They have the right to also ask that a Covered Entity (CE) or Business Associate (BA) make restrictions to disclosures to inform family members or others about the patient’s general condition, treatment and treatment levels, payments, location, or death
There are cases when a patient may request that his or her Protected Health Information (PHI) should not be disclosed to his or her health plan. The CE would have to comply. This usually happens if the patient or someone acting on behalf of the patient paid out-of-pocket for the service rendered or item sold. Every facility operated by a CE should have in place policies and directives that take care of such situations.