Protecting Your Child’s Medical Privacy: A Checklist For Parents of Children with DSDs or Intersex Conditions
If you, like many parents of children with DSDs or intersex conditions, are concerned about keeping your child’s medical information private, there are some basic steps you can take that will help to ensure that right to privacy is honored. Whether you live in a big city or a small town, you may have concerns about who can view your child’s medical record and what you can do to assure that it is not accessed unnecessarily.
You and your child have the right to your medical privacy. The checklist below shows some of the ways that you can exercise that right.
Find out who the privacy officer is at your family doctor’s office.a.Under the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), all healthcare providers must appoint a privacy officer.
If, for example, there is only one administrative staff member at your family doctor’s office, then that staff member is automatically the privacy officer, and s/he is responsible for making sure your child’s record remains private.
1. Find out who the privacy officer is at your family doctor’s office.
- Under the federal Health Insurance Portability and Accountability Actof 1996 (HIPAA), all healthcare providers must appoint a privacy officer.
- If, for example, there is only one administrative staff member at your family doctor’s office, then that staff member is automatically the privacy officer, and s/he is responsible for making sure your child’s record remains private.
- However, if there is more than one administrative staff member at the office, the provider must appoint one of them as the privacy officer. Any administrative staff member should be able to tell you who that person is at your family doctor’s office.
2. Make an appointment or other similar arrangement to speak with the privacy officer at some location where you feel comfortable having a discussion with her about your child’s medical file and protecting your child’s privacy.
3. Here are some things you can ask/say at that appointment:
- First, let the privacy officer know why you’ve asked to meet with her. We recommend a friendly approach to this meeting.
- For example, you could explain that you’re concerned about your child’s privacy, and that you are seeking her help to protect it. Then, once the privacy officer knows why you want to talk to her, you can proceed to your specific questions.
- A good question to start with is: “What procedures do you already have in place to protect my child’s privacy?”
- Make notes, written ones if that helps you, of what you like about her answer, and what concerns you still have about the procedures she describes. Ask further questions if anything she says is unclear. The answer she provides to this question will determine what additional procedures, if any, you want to request.
- Another helpful question to ask is: “How do you control access to patient files in this office?”
- Another good question to ask is: “How long do you keep medical records on file?”
- This isn’t just a privacy question. In addition to determining how long your child’s record will be kept if s/he, for example, starts seeing another doctor sometime in the future, the answer to this question will also give you an idea of when/how often you should request a copy of your child’s file for your own records.
- It’s a good idea to keep an ongoing, permanent file of your child’s medical records as s/he grows, one that s/he can continue to maintain on his/her own when s/he is ready. Your child may want to refer to it in the future, and a complete file will be very helpful to him/her at that time.
4. Request a list of disclosures from your family doctor.
- You have a right to request a listing of any disclosures of your child’s private medical information for purposes other than treatment, payment, or health care operations.
- You may be able to do this through the privacy officer as well, depending on the office’s procedures. You can certainly ask the privacy officer who you should talk to in order to get a list of disclosures.
- You can request a list of disclosures once every year to confirm that your family doctor’s office, or any other medical facility that has treated your child, has not made any improper/unauthorized disclosures.
- Also, under HIPAA, when a provider discloses medical information for a legitimate purpose, such as releasing information to your insurance provider for reimbursement, they must limit the disclosure to only the necessary information. If they disclose more than necessary, this can constitute a violation.
- The fines for HIPAA violations are significant. HIPAA is intended to protect the privacy rights of patients in an electronic age, and practitioners are given incentives to comply with the law to the fullest, and serious consequences if they fail to comply.
5. Request any restrictions that you would like to have placed on your child’s file.
- Under HIPAA, you can request any restrictions you wish on the disclosures of your child’s medical information. If the provider agrees, they must then comply with the restrictions, unless they are treating your child in a medical emergency.
- You can also ask if there is a way for your child’s file to be marked as highly confidential.
- One way to approach requesting restrictions is to write a letter explaining your specific concerns about your child’s medical privacy, and requesting that your family doctor’s office take every precaution to keep the details of your child’s medical record extremely private. You can also request that a copy of this letter be placed in your child’s file.
- If there is a potential disclosure that particularly concerns you, you can explain your situation to the privacy officer. For example, if you know someone personally who works in your family doctor’s office, and you don’t want that person to see your child’s file, you may want to ask if it is possible to restrict that person’s access to it.
For More Information
For more information about protecting the privacy of your child’s medical record, in addition to the other materials on privacy available through the AIC website, we recommend the HIPAA summary available through the Privacy Rights Clearinghouse at http://www.privacyrights.org/fs/fs8a-hipaa.htm#14.
We also recommend an article on HIPAA that AIC’s Executive Director wrote for Endocrine Today, available at http://www.endocrinetoday.com/view.aspx?rid=42621. This article is geared toward medical practitioners, so you could bring it to the privacy officer at your family doctor’s office, or to your family doctor him/herself, if you wish.
More information on HIPAA and medical privacy is available at http://aiclegal.org/know-your-rights/medical-privacy/.
The federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), along with other state and federal legislation, ensures certain medical privacy rights for children with intersex conditions or DSDs and their families. For more information, see AIC’s handout: Questions & Answers About Medical Privacy Rights For Parents of Children with DSDs or Intersex Conditions or contact AIC.
This fact sheet offers general information only and is not intended to provide guidance or legal advice regarding anyone’s specific situation. Please bear in mind that this is an evolving area of law in which there is bound to be uncertainty. Do not rely on this information without consulting an attorney or the appropriate agency.
© 2011 AIC