YOU ARE NOT REQUIRED
TO SIGN HIPAA "PRIVACY" FORMS
By federal law and rule, you are not required to sign the clinic or hospital HIPAA "Privacy" form...even if the clinic or hospital tries to insist that you must. The form has nothing to do with consent or health privacy. The form is actually just an acknowledgment that you have received and understood the clinic or hospital's "Notice of Privacy Practices," which given the permissive access allowed, could better be described as a Notice of Data Disclosure Practices.
Federal law only requires that the clinic or hospital make a good faith effort to obtain your signature on the form. Contrary to popular belief, signing this form does not provide you with any privacy or consent rights...and it could be used against you if you ever declare that your privacy rights have been violated. If signed, the clinic or hospital could point to your signature and tell you that you knew that your private data was going to be shared broadly.
The Administrative Simplification section of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) eliminated longstanding legal written informed patient consent requirements for the sharing of private medical data. Thus, the U.S. Department of Health and Human Services notes in the final rule that approximately 600,000 entities, plus their business associates, may now be given access to your private medical data without consent. Thus, the "privacy" Notice simply informs you about the purposes for which your health data can be shared without your consent and the types of entities with whom it may be shared.
State law is allowed to be more protective. The federal HIPAA law allows state privacy laws that truly protect privacy to supercede the federal law. Thus, as one major institution notes on their Notice of Privacy Practices, certain STATE LAWS (Minnesota, Florida, etc.) may protect your health privacy where the federal law does not. To be clear, the federal law does NOT protect your privacy. It actually opened your medical records allowing them to be computerized and placed online in anticipation of creating a National Health Information Network, which was recently given $20 billion by the American Recovery and Reinvestment Act (HITECH ACT, economic stimulus, Feb 2009). Jan. 2010 Interview with David Blumenthal on NHIN (InformationWeek).
Resist Conforming State Law to HIPAA: Any and all State legislative attempts to conform State law with the federal HIPPA law or specifically, the HIPAA "privacy" Rule (45 CFR Part 160, 164) should be strenuously resisted and avoided. Such laws may void current State privacy laws or eliminate the possibility of enacting strong truly protective State health privacy laws in the future.
Take a Stand at Your Clinic: To assert your right to refuse signing the Notice, you may simply refuse to sign the Notice of Privacy Practices section on the consent form. You may cross out the Notice of Privacy Practices section and refuse to sign it. You may refuse to sign it even if they ask you to sign that you refused to sign it. You may also file a complaint with the Office of Civil Rights at the U.S. Department of Health and Human Services if you believe your rights have been violated.
Warning Before You Act: Some clinics are now incorporating the Notice within their consent for treatment forms. You may choose to cross out the lines related to the Notice of Privacy Practices. Keep in mind that most clinic staff believe the document actually protects privacy. This is your opportunity to educate them. Feel free to copy and share the federal language in the documents accessible on this web page.
Please Notify CCHC: If your clinic refuses to treat you because you refuse to sign the form (a pregnant woman has already contacted us saying her clinic refused to perform her C-section if she didn't sign the form), please notify CCHC in writing with the details of your encounter.