Chances are that, in the last few years, you've been asked to endorse dozens of so-called privacy agreements while sitting in doctors' waiting rooms. Under the provisions of the Health Insurance Portability and Accountability Act (HIPAA), health care providers have the right to share your data for several purposes, including your treatment, to process billing and to respond to requests from public-health authorities, law enforcement and your employer, if you were hurt at work.
All that seems reasonable. HIPAA, for example, allows your doctor to discuss your case with, say, a radiologist if you require an X-ray for an ankle injury. But as things stand now, HIPAA regulations also allow your medical information to be shared by hundreds of thousands of people without your knowledge - health care-related companies such as drugmakers, fundraisers, law practices, marketers and transcription services.
And those businesses can, in turn, share your data with their affiliates.
Your information also could be included in health care research or public-health programs without your knowledge.
Unfortunately, opting out isn't an option in most cases covered by HIPAA. And simply refusing to sign the privacy agreements won't change your provider's ability to share your information. The notice is not a contract: It is merely a mandated disclosure form to prove that you were informed in writing about how your data may be shared.