HIPAA Laws in Virginia Are About Privacy
Virginia HIPAA laws explicitly recognize a patient’s right of privacy in the content of their medical records. To further this privacy interest, HIPAA laws in Virginia state that patient health records are the property of the healthcare entity maintaining them. To further protect privacy, Virginia HIPAA laws state that no healthcare entity, or other person working in a healthcare setting, may disclose an individual’s health records, except when permitted or required by other state law. HIPAA laws in Virginia differ from federal HIPAA in that federal HIPAA law does not explicitly state that patients have a right of privacy in the content of their medical records.
Do you have an effective HIPAA compliance program? Find out now by completing the HIPAA compliance checklist.
Virginia HIPAA Laws: Make Amends
Virginia HIPAA laws differ from federal HIPAA in several other aspects. Under HIPAA, if a covered entity accepts an individual’s request for amendment or correction of PHI, it must make the appropriate amendment. The covered entity must identify the records in the patient’s designated record set and either append or otherwise provide a link to the location of the amendment.
However, providers are not required to delete any PHI. They may do so if they choose to. For example, suppose an inaccurate diagnosis is listed in a patient record. In that case, a provider may, under HIPAA, make a note that the diagnosis is not accurate, but the diagnosis need not be deleted.
Virginia HIPAA laws provide greater protection to patients. HIPAA laws in Virginia require providers to disclose patient health records to the patient at their request. Suppose the patient specifically requests an audit trail of any additions, deletions, or revisions to their health record. In that case, the provider must comply with the request if the information the patient wants deleted is not accurate.
This Virginia-provided extra layer of protection to patient privacy may seem trivial on paper. In practice, the “right to deletion” can matter a great deal to a patient. A patient whose record mistakenly listed the patient as “angry” or as having an illness the patient does not have, is saved, what might be considerable embarrassment or stress by having the right to delete.