You might not expect that the November midterm election would promote a disagreement about HIPAA laws when there were so many other issues up for discussion, but in Lancaster County, PA that is exactly what happened when some people protested that the county’s absentee ballot forms violated HIPAA privacy rules.
In order for Lancaster residents to complete an absentee ballot rather than heading to the polling station in person they had to fill out s form detailing the exact nature of the medical condition or disability that prevents them from voting in person as well as including the name and address of their doctor.
As the form is mailed, and has to be returned, on a postcard leading some residents who needed to file the form to wonder if this information being out in the open in this manner was a violation of their HIPAA rights.
Not so said Larissa Bedrick, a spokeswoman for the state Bureau of Commissions, Elections and Legislation. HIPAA, she explained to concerned locals via the local Lancaster Online website, “restricts health-care providers and insurance companies from releasing that information. … It doesn’t apply to settings outside of that.” Including patients voluntarily releasing their own personal data.
The incident highlights once more how little the general public really understands the HIPAA laws and their rights under them. More patient education is definitely needed across the board.
As for those uncomfortable with the level and nature of the information Lancaster County was asking them to reveal to anyone who happened to work at the post office Bedrick had a suggestion – put the postcard in an envelope before mailing it (and pay extra postage)