I'm not sure I understand. How does a new insurer find out about a preexisting condition if health information is as private as you say?
What does "specifically permitted by regulation" mean? It can only mean a weakening of the expectation of complete confidentiality, not a strengthening.
Good questions, V.
Answers are in indigo.For your first question...
Plan Sponsor - Generally, an "employer", but not all plan sponsors are employers.
Pre-existing conditions - Generally, a diagnosis for which medical care has been received for a period of time in advance of a coverage event.
Covered Entities: Individuals and Entities that are specifically indicated by law to be subject to the HIPAA statute and any regulations promulgated under the statute. These are "Health Care Providers", "Health Plans", and "Health Care Clearinghouses". As of February 17, 2010, "Business Associates" of covered entities are now also subject to the HIPAA Security Rule.
PHI - Protected Health Information. This is information that is defined by the HIPAA Privacy Rule that is subject to protection and civil and criminal penalties when those protections are violated.
Assumptions: The individual is not obtaining insurance coverage through a sponsored group health plan with an agreement with the plan sponsor to waive any pre-existing condition clause; The individual is NOT already covered by a health plan without any pre-existing condition stipulation in effect; The individual has NOT been covered by a health plan for more than 60 days. In short, an individual with no health insurance, and no health insurance for over 60 days. The term "pre-existing condition" varies from health plan to health plan.When an individual with a pre-existing condition approaches a health plan, the health plan will perform an underwriting. This is a risk assessment on the individual and any potential dependents. The health plan is permitted to ask about, and receive health information in regards to any pre-existing conditions as a part of the underwriting process. The health plan will use this information to make a policy writing decision. A pre-existing condition clause could be part of this policy writing decision. The individual must answer honestly about any questions asked by the health plan during underwriting, otherwise this could be later construed as fraud and payment for claims for the pre-existing condition could be denied, and any payment previously made could be recovered. This is how health plan legally obtains health information which is private. It is an obligatory and voluntary disclosure that the individual makes to the health plan as a part of the underwriting decision. If the individual does not want to make the disclosure, then the health plan can deny coverage.
Pre-exisiting condition clauses are nullified by HIPAA when there is no more than a 60 day break in continuous "creditable coverage". In other words, if you have been covered by a health plan for longer than any pre-existing condition clause, then if you change health plans and do not have a 60 day break in continuous coverage, your new health plan cannot impose a pre-existing condition clause upon the individual. This is very important information for those persons who have any kind of health condition that requires continuous management. These individuals do not EVER want to have their health plan coverage lapse, lest they be subject to pre-existing condition clauses.
These protections generally are addressed by HIPAA Title I
More information on health insurance reform for consumers can be obtained from the U.S. Department of Health and Human Services at:http://www.cms.gov/HealthInsReformforConsume/Now, for question #2...
The HIPAA Privacy Rule generally takes the approach that healh care providers, health plans, and "health care clearinghouses" ("covered entities") may not use or disclose PHI for any purpose outside of what is "specifically permitted by regulation", or specifically authorized by the individual.
Information for consumers about the HIPAA Privacy Rule can be obtained from the U.S. Department of Health and Human Services at: http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html
A summary of the HIPAA Privacy Rule regulations is available from the U.S. Department of Health and Human Services at: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf
And for you die hard masochists, the actual combined text of the HIPAA Privacy Rule regulations as stated in the Code of Federal Regulations (45 CFR Parts 160, 162, and 164) can be found at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/adminsimpregtext.pdf"Specifically permitted by regulation" pertains to the use and disclosure of PHI for certain activities that have been identified as being central to the processes of delivering health care (treatment, payment, and "health care operations". These are routine uses and disclosures.
Additional activities have been identified as being necessary uses and disclosures for non-routine purposes.
All routine and non-routine disclosures will be communicated to the individual in the form of a "Notice of Privacy Practices".
As to your viewpoint that HIPAA "weakens" our privacy...
Previous to HIPAA, Congress performed a study which indicated that individuals were avoiding healthcare due to reasons associated with privacy and possible loss of insurance coverage. Congress found that not only was there unnecessary human suffering and lower quality of life for Americans, but that the cost of healthcare was higher when people did not get early diagnosis and treatment of health issues. Congress also noted that life-spans of Americans could be higher if people got more healthcare. Sadly, it comes down to dollars and cents. If people are healthier and live longer, they produce more tax revenue for society and present less of a liability to the Medicare and Medicaid trust funds. During this period, the privacy of an individual's health information varied from state to state. HIPAA was meant to put into place a "floor" of privacy rights. People in those states that had stronger protections could still keep those protections. People in those states that had weaker protections or no protections would now have protections. And, there are Federal Civil and Criminal penalties to back these rights up.
Overall, HIPAA has provided the consumer with protections over their medical record much like those over their credit report. And, with the civil and criminal penalties against unlawful use or disclosure, you the consumer have recourse that you did not have previous to 2003.
The results have been quantified 14 years later as having been a net benefit to the quality of life and to the improved efficiency of the health care system.
New provisions included in the American Recovery and Reinvestment Act now provide the consumer with even more protections and provide incentives for health care providers that make "meaningful use" of Electronic Health Record technologies (which can protect medical records to a higher standard of care than old fashioned paper records).
Sorry about the long post, everybody. B