This health journey I’m on can be quite a ride. Tomorrow I’ll test drive a new neurologist. They want me to bring certain information from my previous neurologist: Recent notes, medications, MRIs on CD. They can’t just go get it. Their system doesn’t talk with the previous neurologists’ system. I know I’m going to have to sign something that tells me how they will keep my personal health information (PHI) private. What does that even mean? The principle is: Individuals should be provided a reasonable opportunity and capability to make informed decisions about the collection, use, and disclosure of their individually identifiable health information. I should be able to decide if, when, or what information I want shared about me, with whom. The relevant law is the HIPAA Privacy Rule. The Privacy rule defers to covered entities (providers of care) with regard to the decision of whether to obtain an individual’s consent in order to use or disclose PHI for treatment, payment, and health care operations purposes, and with regard to the content of the consent and the manner of obtaining it. 45 C.F.R. § 164.506(b). Here’s a link to more information. I think it says that the covered entity can decide whether or not to get my consent. And what isn’t treatment, payment, and health care operations?
I don’t really care who knows anything about me. I’ve always just signed whatever is put in front of me. After all I write a blog about health and talk about my health openly. It might as well be on a billboard. But what if I did care and didn’t want to sign? Can I say no? Will anything about my care change if I say no? What I do care about is that my wife – my health partner – and all the members of my health team have access to all the same information I can have access to. How do I pave the way for that? We’ll see what happens tomorrow.