Should I tell my doctor about my AAS use?

**DieselPlayer** · 03-31-2005, 03:49 PM

Guys:

I was wondering what you all thought about disclosing AAS to a doctor. Ordinarily, I would keep this sort of information a secret, however, lately, after completing 3 cycles and experiencing some cycle-related sides (I won't go into specifics), I am feeling the need to come clean and ensure that I am in good health.

We all know about the health-risks associated with AAS use (many of which have been greatly exaggerated by the media)...however, would it be "dangerous" to tell my doctor...

If so, what are the repercussions?

Cycle history:
first cycle: 500mg sustanon -10 weeks
second cycle: 500/400mg cypionate , eq-11 weeks
third cycle: 600/400mg enanthate , deca -10 weeks

THANKS!!

**JdFlex** · 03-31-2005, 04:09 PM

Medical records are freely available these days. I don't think documenting steroid use is such a good idea. I wouldn't tell. But that's just me. If I had a serious problem though, I might change my mind. Something to consider.

**Danbrooks2k** · 03-31-2005, 04:16 PM

sure why not, unless you plan on running for public office... oh wait...

yeah go ahead and tell him...

**DieselPlayer** · 03-31-2005, 04:19 PM

Anyone else has an opinion on this??

**cut260** · 03-31-2005, 04:19 PM

That is absolutely wrong that medical records are freely available. That is illegal in every sense of the word and violates the dr. client relationship. You should absolutely tell your doctor about your AAS usage. There is a lot that will explain certain side effects, blood results etc. Just be prepared for the initial mandatory lecture about how awful it is and just remind him that his nightly scotch and water is doing more damage to his liver than what you are doing and then move on.

There is a lot that a Dr. can do to help you when they know what you are doing. I have always been very candid and open with my doctor and there has been a lot he has done for me to help ensure I am in good health. They are on your side and will help you - not harm you or put you in any jeopardy with the law.

**DieselPlayer** · 03-31-2005, 04:37 PM

cut260...thanks for the great info...You are oh so right about the doctor-client relationship issue...I'm definitely leaning toward being candid with him...there is nothing more important than ONE'S HEALTH and WELL-BEING...Thanks, man...

**Georgie** · 03-31-2005, 05:03 PM

Originally Posted by JdJuicer

Medical records are freely available these days. I don't think documenting steroid use is such a good idea. I wouldn't tell. But that's just me. If I had a serious problem though, I might change my mind. Something to consider.

What are you talking about? Medical records are held in the strictest confidentiality. It is illegal to release medical records for any other reason than insurance billing, medical purposes (requested by doctors only if you sign a release form, or its an emergency), or by court order, and even then they are still protected by law. Try reading the privacy form you fill out everytime you go to the hospital or the first time you visit a new doctor. Bottom line, medical records are not just available to anyone. Why don't you enlighten us on how you could legally obtain someone other than yours, medical records.

**yarite** · 03-31-2005, 05:08 PM

I wouldn't see a problem. There is a new law out there called HIPA (Health Information Privacy Act) basically in a nut shell, it will never be released to anybody without your consent. So don't worry about telling your Doc. If someone does release that info to someone there are HUGE consequences.

**Georgie** · 03-31-2005, 05:17 PM

Originally Posted by yarite

I wouldn't see a problem. There is a new law out there called HIPA (Health Information Privacy Act) basically in a nut shell, it will never be released to anybody without your consent. So don't worry about telling your Doc. If someone does release that info to someone there are HUGE consequences.

Well said, I don't know what the one guy was talking about. I would love for him to explain how you could obtain somone's medical records.

**Froggy** · 03-31-2005, 05:28 PM

Many of us sign a bunch of crap (documents) when we go see a doctor...just make sure you don't give up any rights...I don't fill out or sign sh!t when at the docs'...If pressed, just say you will talk to the doc about it...
As far as telling your doctor about juice use...that's your call Bro...

**justin2305** · 03-31-2005, 05:39 PM

i would tell the doc just to be safe JMO and medical records being free to the public or whatever, from what i no and have heard thats some bs thats illegel as hell man but if that were to happen u would be one rich man lol

**LACBodybuilder** · 03-31-2005, 07:04 PM

The only problem with having your doctor record your steroid use is that it can greatly hurt you in the future when applying for health and life insurance. Many companies will not cover anyone with documented steroid use on their record.

**newbrew** · 03-31-2005, 07:51 PM

Personally, I wouldnt. Unless you are going in for something where it may actually be an issue....but as stated above, the idea of having something documented doesnt tickle my fancy. Never know when it might poke you in the ass.

**Terminator1** · 03-31-2005, 11:22 PM

If you tell your Doctor and he puts it in his records, your Insurance premiums can raise. Especially life insurance. They look at your complete medical history to determine premium and insurability. And if they see that you illegally took steroids . They can deny payment of claims in both medical and Life. I recently got my Health and Life insurance license, and most companies have that stated in there contracts that if you use illegal drugs not administered by a physician then they will deny benefits!

***Billy_Bathgate*** · 04-01-2005, 12:10 AM

it can go in the NIB, which is a nationwide database for insurance. it will be on your record, and as terminator said..its possible they could screw you about it

now, what i would do, and not that this is right, but your in a tight situation, is say you are taking prohormones that you got from gnc back before they were banned. that way your legal bases are cleared at least, yet the same possible symptoms and diagnosis can occur

**Georgie** · 04-01-2005, 12:26 AM

This is very useful information pertaining to your medical records. However, the text highlighted in blue pertains to steriod usage. It is against the law for an insurnace company to gain information about substance abuse without your signed expressed written consent.

http://www.epic.org/privacy/medical/

The HIPAA Privacy Rule (45 CFR Parts 160 and 164) provides the "federal floor" of privacy protection for health information in the United States, while allowing more protective ("stringent") state laws to continue in force. Under the Privacy Rule, protected health information (PHI) is defined very broadly. PHI includes individually identifiable health information related to the past, present or future physical or mental health or condition, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual. Even the fact that an individual received medical care is protected information under the regulation.

The Privacy Rule establishes a federal mandate for individual rights in health information, imposes restrictions on uses and disclosures of individually identifiable health information, and provides for civil and criminal penalties for violations. The complementary Security Rule includes standards for protection of health information in electronic form.

Rights Under the Privacy Rule

The individual, who is the subject of Protected Health Information (PHI), has the following rights under the Privacy Rule:

Right to access, inspect and copy PHI held by hospitals, clinics, health plans and other "covered entities," with some exceptions
Right to request amendments to PHI held by "covered entities"
Right to request an accounting of disclosures that have been made without authorization to anyone other than the individual for purposes other than treatment, payment and health care operations
Right to receive a Notice of Privacy Practices from doctors, hospitals, health plans and others in the health care system
Right to request confidential communications of PHI, e.g., having PHI transmitted to a different address or a different telephone number
Right to request restrictions on uses or disclosures, although the "covered entity" receiving the request is not obligated to accept it
Right to complain about privacy practices to the "covered entity" and to the Secretary of Health and Human Services
Limits on uses and disclosures
"Covered entities" that hold PHI may use it without an individual's consent for the purposes of providing treatment to the individual, for payment activities such as claims adjudication and premium setting, and for operating their businesses. They are also permitted to use and disclose PHI as required or permitted by other laws, e.g., laws related to reporting of child or elder abuse, public health oversight and national security investigations. However, those who have PHI must obtain an individual's signed authorization for use of PHI in marketing, research, fundraising, or any other activities that are not part of treatment, payment, health care operations, and other categories specifically identified under the Privacy Rule. A few types of disclosures require that the individual be given an opportunity to agree or object to the disclosure, e.g., whether information should be included in a hospital directory or given to clergy. Based on the professional judgment of a health care professional, some disclosures may be made to friends and family who are involved in an individual's care if such disclosures are found to be in the best interest of the individual.

In addition to specific restrictions on uses and disclosures, the Privacy Rule imposes a general "minimum necessary" requirement on those who hold and use PHI. Except for disclosures to the individual who is the subject of PHI or disclosures for treatment purposes, organizations must limit their uses and disclosures to "minimum necessary" information required to perform a task. They must have policies and procedures that specify what PHI can be viewed by different classes of employees within their workforces, what PHI should be released in response to routine inquiries, and must have a process in place for deciding what PHI should be released in response to non-routine requests.

"Covered entities" must also have formal contracts with their business associates, which use PHI to perform functions on their behalf. Examples of business associates include law firms, accounting firms, accreditation organizations, credentialing services, billing services and third-party administrators. Business associate agreements must stipulate that the business associate will safeguard PHI and will assist the "covered entity" in complying with its obligations with regard to individual rights and oversight by the Secretary of Health and Human Services.

Penalties for violations of privacy

The Privacy Rule includes both civil and criminal penalties for violations of privacy. Generally, penalties are expected to be assessed in cases where organizations or individuals act with willful neglect or intent to cause harm. Civil penalties are specified at $100 per violation, not to exceed $25,000 per person per year for identical violations. Criminal penalties for wrongful disclosure of PHI can go up to $250,000 and/or 10 years imprisonment if the offense is committed with intent to sell, transfer, or use PHI for commercial advantage, personal gain, or malicious harm.

Security standards

Requirements for safeguarding protected health information (PHI) are found in two separate but complementary Rules under HIPAA. The Privacy Rule requires "covered entities" to have in place "appropriate administrative, physical and technical measures" to safeguard PHI. This obligation must be passed on to business associates in business associate agreements and to researchers in limited data use agreements. The Security Rule, published in final form on February 20, 2003, contains considerably more detail about the meaning of appropriate safeguards.

Although the Privacy Rule applies to PHI in any form, including oral communication, the Security Rule applies only to PHI in electronic form. The standards are divided into three groups: administrative safeguards, physical safeguards, and technical safeguards. Administrative standards include risk analysis and management, assigning security responsibilities, policies and procedures, training of the workforce and contract requirements. Physical safeguards include access to facilities and workstations, as well as device and media controls. Technical safeguards include access controls and audits, authentication and transmission security.

The basic principles for security standards can be found in the HIPAA legislation. The law specifies, among other things, that standards must take into account technical capabilities of systems that contain PHI, cost of security measures and scalability issues, particularly as these might affect small and rural providers. The Department of Health and Human Services (HHS) translated these principles into regulation by creating standards (what must be done) and implementation specifications (how the standard can be met). Implementation specifications are further divided into two groups: those that are required (e.g., risk analysis) and those that are ÏaddressableÓ (e.g., encryption for transmission of PHI). If an entity chooses not to implement an addressable specification, it must document its reasons why the specification would not be reasonable or appropriate, and implement alternative equivalent measures if reasonable and appropriate.

With the compliance date in April 2005, it is too early at this time to know how doctors, health plans and other entities will interpret and implement the Security Rule. The Rule does require that "covered entities" think about and document the risks they identify and measures they take to ensure protection of PHI. These records are likely to be used for both enforcement and legal actions.

Substance Abuse Confidentiality Requirements

Information related to substance abuse and chemical dependency treatment is protected by section 543 of the Public Health Service Act, and its implementing regulation, 42 CFR, Part 2. This regulation, which supercedes both HIPAA and all more permissive state laws, requires that any disclosure of information related to substance abuse and chemical dependency treatment be accompanied by the individuals signed authorization. There are no exceptions for disclosures related to treatment, payment or health care operations. The only exception relates to movement of information between different components of the Armed Services, including Veterans Administration. Although the regulation applies only to federally-assisted specialized alcohol or drug abuse program, it is widely interpreted as applying to any federally conducted or funded program, any federally licensed or certified program, programs that are tax exempt, and programs that receive federal funds in any form, e.g., via the Medicaid program. Other Federal Laws

In addition to being subject to HIPAA and Substance Abuse Confidentiality Requirements, health care organizations may be subject to several federal laws that touch in some way on privacy of health information. The Preamble to the Privacy Rule lists the following applicable laws: Privacy Act of 1974, Family Educational Rights and Privacy Act, Freedom of Information Act, Employee Retirement Income Security Act of 1974 (ERISA), Gramm-Leach-Bliley Act, federally funded health programs regulations, Food, Drug and Cosmetic Act, Clinical Laboratory Improvement Amendment, federal disability and non-discrimination laws, and U.S. Safe Harbor Privacy Principles (European Union Directive on Data Protection). In addition, many federal regulations require disclosure of specific PHI for specific purposes in specific circumstances.

In the Preamble to the Privacy Rule, HHS states that there should be few instances of conflict between HIPAA regulations and other federal laws because HIPAA permits but does not require many disclosures. Therefore, when disclosures are required under other federal law, PHI may be disclosed as required by other law. If a disclosure is not required but only permitted under other law, an entity must determine whether the disclosure is permissible under HIPAA and then follow HIPAA requirements for making such a disclosure. If another federal law prohibits disclosure that is permitted but not required under HIPAA, entities must comply with the other federal law.

Genetic Information
Genetic information is generally considered protected health information (PHI) under the Privacy Rule. However, given the sensitive nature of such information and the potential harm that might be caused by misuse or disclosure, special legislation for the protection of genetic information has been introduced in Congress since 1997. The latest activity in Congress took place in May 2003. The Senate Committee on Health, Education, Labor and Pensions passed the Genetics Nondiscrimination Act of 2003, S.1053 (pdf). The bill prohibits health insurance plans from denying enrollment or charging premiums on the basis of an individual's or family members' genetic information. It also prohibits health insurers from basing premiums of a group health plan on the basis of genetic information of plan members or their families. The bill prohibits disclosures or collection (requesting, requiring or purchasing) of genetic information for underwriting purposes. In addition, it prohibits the use of genetic information in employment decisions and applies the same procedures and remedies as apply to other forms of employment discrimination. Following the model of the HIPAA Privacy Rule, the Genetic Nondiscrimination Act provides basic protections for genetic information while permitting greater protection under other federal and state measures. The language of the Senate bill has been introduced in the House as HR 1910.

State Law
State laws cover several areas related to privacy of health information. These include regulation of health insurance, regulation of organizations that perform certain administrative functions such as utilization review or third-party administration, licensure requirements for various medical specialties and medical organizations (including requirements for record-keeping and disclosure), access to medical records by patients, guardians and other interested parties, reporting of information to the state and local authorities, e.g., birth and death or disease incidence, use of information for quality assurance and health care operations, issuance of notices of privacy practices, and reporting and providing access to law enforcement authorities. In recent years many states have also passed confidentiality laws related to specific conditions or types of health information. Examples include laws related to mental health records, HIV/AIDS, reproductive rights and genetic testing.

The HIPAA legislation explicitly addresses interaction between federal and state law. Generally, "covered entities" are required to comply with both HIPAA and state law whenever possible. If it is not possible to comply with both, HIPAA preempts any contrary provision of state law, including state law provisions that require written records rather than electronic ones. State law is not preempted in the following circumstances:

When state law is necessary for regulation of insurance or health plans, prevention of fraud and abuse, or reporting on health care system operations and costs
When state law addresses controlled substances
When a state law relates to reporting of disease or injury, child abuse, birth, or death, public health surveillance, or public health investigation or intervention
When a provision of state law is more stringent than the requirements of the federal Privacy Rule
The most difficult of these exceptions is the stringency exception. A provision of state law is defined to be more stringent if it prohibits or restricts use or disclosure of PHI that would be permitted under the Privacy Rule. Specifically, a more stringent state law:

Permits greater rights of access and amendment to the individual who is the subject of the PHI
Provides more information about use, disclosure, rights and remedies to the individual
Narrows the scope or duration of express legal permission required from the individual for use or disclosure or reduces the coercive effect of the requirement for legal permission for use or disclosure of PHI
Increases the duration or requires more detailed accounting of disclosures
Provides greater privacy protection to the individual
In many cases it is not clear whether a particular state law provision is contrary to HIPAA and, if it is, whether or not it is more stringent. An example of such a provision is a state law that requires a review of PHI by the treating physician prior to release of PHI to the individual. The Privacy Rule allows PHI to be withheld if, in the professional opinion of a licensed health care professional, releasing the information would endanger the life or physical safety of the individual or another person. This implies that PHI would be reviewed by a health care professional prior to release. If the review by the treating physician is conducted for this purpose, the state law provision would not be contrary to HIPAA and, therefore, the state law would not be preempted. However, if a review by the treating physician is conducted in addition to a review conducted by another licensed professional, e.g., one employed by a health insurer, it might be viewed as a way of reducing access and, therefore, contrary to HIPAA. In that case, the provision would be preempted.

Although many analyses of interaction between HIPAA and state law (called "preemption analyses") have been performed on behalf of health care companies and professional associations, these analyses are advisory in nature. There is general agreement that final decisions about the applicability of specific provisions of state and federal law will be made by the courts.

Health Information and Employment
Generally, the Privacy Rule prohibits disclosure of health information for employment-related decisions without the explicit authorization of the individual. Employers that have self-funded health plans regulated under ERISA (Employee Retirement Income Security Act of 1974) must build "firewalls" around these plans to ensure that health information received by plans as part of their operations is adequately safeguarded and not used for other purposes. Employer-sponsors must provide a certification to their group health plans that any PHI they receive from the group health plan will not be used for employment-related decisions. However, once an employer obtains health information, it is not obliged to protect this information under the Privacy Rule.

There are several instances when an employer may be able to obtain health information without individual authorization. Information related to pre- and post-employment drug testing is not considered PHI under the Privacy Rule. The Privacy Rule does not apply to workers' compensation programs, so information obtained by an employer as part of a workers' compensation claim is not protected under the Privacy Rule. If a credit report obtained during a background check contained explicit or implied health information, that information would not be considered PHI. In addition, Department of Transportation regulations, the Federal Aviation Administration, and the Federal Highway Administration rules, contain provisions that require doctors and others to disclose health information to employers. Such disclosures are permitted when required by law and become part of an employee's employment file which is not subject to the Privacy Rule.

Use of Health Information in Marketing
The Privacy Rule explicitly addresses the concern that health information, which was collected for the purposes of providing treatment or paying claims, will be sold or used to market products and services. The 2002 version of the Rule contains a two-part definition of marketing:

"to make a communication about a product or service that encourages the recipients of the communication to purchase or use the product or service"; or
"to disclose PHI to another entity for direct or indirect payment so the other entity can market its own products or services."
In order to use protected health information (PHI) for marketing, covered health care providers, health plans or other entities need to obtain an individual's signed authorization except when the communication occurs face-to-face or involves a gift of nominal value. When an authorization is required, it must explicitly state whether the entity is receiving payment from third parties to engage in a marketing communication.

Although the definition of marketing seems quite broad, several categories of activities and communications are explicitly excluded from being considered marketing. Under the Privacy Rule, an organization is not engaged in marketing:

When a communication is about a health-related product or service that is included in the individuals plan of benefits provided by the entity making the communication, including information about participating network providers, services offered by participating providers, replacement or enhancement to a health plan, or value-added health-related products or services available only to participants of the plan, even if these products or services are not part of the plan;
When the communication is related to the individual's treatment; or
When the communication involves case management or care coordination for an individual, or directions or recommendations for alternative treatments, therapies, health care providers or settings of care for the individual.
Excluded communications are not considered marketing whether a doctor, hospital, health plan or another covered entity delivers them directly or engages a business associate, such as a mailing house or a telemarketer. The Privacy Rule notes that it does not change any restrictions that may exist in other federal or state laws, such as anti-kickback statutes or substance abuse regulations.

The exclusions from the definition of marketing have raised concerns that some consumers may receive unwanted communications or be misled about the nature of the information contained in communications they receive. Below are some examples of such communications:

A drug manufacturer can pay a physician or a pharmacy to send refill reminders to patients, or to send information about a drug to all patients identified with a particular condition or taking particular medications. Although the drug manufacturer would not get PHI from the physician or pharmacy, it would accomplish the same marketing goals by paying someone else to promote its products. Furthermore, because the communication would come from an individual's physician or pharmacist, the information in the communication might be viewed as more trustworthy than it would be if it came from a drug manufacturer.
An individual may find that PHI related to a condition such as diabetes or HIV/AIDS is being used to send her information regarding services or products related to the condition. An exception for case management or coordination of care could be used to exclude such offers from a requirement for written authorization.
A doctor or a health plan may send information about health-related products such as health club memberships, massage therapy or herbal supplements, as long as these products, services or discounts are health-related and not available to the general public.
A dentist may continue give patients toothbrushes, floss and toothpaste samples because these are considered to have nominal value.
When the Privacy Rule was being revised in early 2002, privacy advocates objected to excluding these types of communications from the definition of marketing. The Department of Health and Human Services agreed that there may be some confusion about the appropriate scope of activities that fall under "treatment" and "marketing", and that abuses may occasionally occur. Nevertheless, it decided that differentiating between various communications from a covered entity would be too difficult and confusing and might even be seen as an attempt to interfere with the ability to provide high quality health care. Therefore, all communications that fall under the exceptions are permitted without individual's authorization. Although an individual has a right to ask for a restriction on uses and disclosures of his or her PHI, including uses and disclosures for treatment, the covered entity is not obligated to comply with the request. As a result, an individual may have no recourse with respect to communications that fall under the marketing exception.

Disclosure of Health Information for Law Enforcement and National Security
The HIPAA Privacy Rule permits but does not require disclosures of PHI required by other laws. Such disclosures must be limited to meet the compliance requirements of those other laws. Substance abuse regulations, which are more stringent than the Privacy Rule, prohibit some disclosures that would otherwise be permitted.

Disclosures to law enforcement officials

The Privacy Rule includes a standard for disclosures to law enforcement officials. The standard permits the following types of disclosures:

Pursuant to a legal process or otherwise required by law, including disclosures of certain types of wounds, and disclosures in response to court orders, subpoenas, and administrative requests. Administrative requests must be specific and limited, relevant to a legitimate ongoing investigation, and must demonstrate that de-identified information (that is, information without individual identifiers) cannot be used.
Limited information disclosures for the location of a fugitive, suspect, material witness or missing person.
Information about an individual who is or is believed to be a victim of crime if the individual agrees to the disclosure or, under specific rules, if the individual is unable to agree or object.
Information about decedents.
Information about crime on the premises of the covered entity if there is a good faith belief that the disclosed PHI is evidence of a crime.
Limited disclosure in emergencies in order to alert law enforcement about the commission of a crime.
Additional disclosures to law enforcement officials are permitted under other parts of the Privacy Rule. For example, disclosure is permitted if a covered entity believes that an individual may pose serious threat to health and safety and the disclosure may help law enforcement authorities reduce the harm or apprehend the individual.

Although disclosures to law enforcement authorities may be made without individual authorization and, in some cases, without giving the individual an opportunity to agree or object, such disclosures generally become part of Accounting for Disclosures that an individual can request from a covered entity. If a law enforcement official requests that law enforcement-related disclosures not be listed in the Accounting for a specified period of time, the entity providing the Accounting must suspend the individual's right to see a listing of such disclosures.

PHI of inmates and detainees in correctional institutions is generally subject to protections under the Privacy Rule, with some exceptions. The Rule permits covered entities to share inmates' PHI for specified health care and custodial purposes without authorization. Once individuals are released from custody, their PHI becomes subject to all protections under the Privacy Rule.

Some concerns have been raised that health oversight agencies may lawfully obtain PHI under the Privacy Rule and then re-disclose the information to law enforcement authorities. In its comments on the December 2000 Privacy Rule, HHS acknowledged that potentially such re-disclosures could take place, but stated that is does not have statutory authority to regulate health oversight agencies.

Regulations dealing with substance abuse are more stringent then the Privacy Rule when it comes to disclosures related to law enforcement. Information related to substance abuse may not be disclosed to law enforcement officials without individual authorization.

Disclosures for National Security

Covered entities are permitted to disclose PHI to authorized federal representatives for conduct of intelligence, counter-intelligence, and other national security activities, as well as to provide protective services to the President and others. These disclosures do not require individual authorization and do not become part of the Accounting for Disclosures. HHS states in the Preamble to the December 2000 Privacy Rule that the Rule does not confer any new authority with regard to disclosures related to national security or protective services because it does not compel covered entities to release information for these purposes. Of course, if new law is passed that requires disclosures of PHI for national security purposes, these disclosures would fall under provisions for disclosures required by law, and covered entities would have to comply with these requirements.

Consumer Advice to Safeguard Your Medical Records
What's In Your Medical Records?

Besides information about physical health, these records may include infomation about family relationships, sexual behavior, substance abuse, and even the private thoughts and feelings that come with psychotheraphy. This information is often keyed to a social security number. Because of a lack of consistent privacy protection in the use of Social Security Numbers, the information may be easily accessible.

Information from your medical records may influence your credit, admission to educational institutions, and employment. It may also affect your ability to get health insurance, or the rates you pay for coverage (OTA report). More importantly, having others know intimate details about your life may mean a loss of dignity and autonomy.

Maintaining Medical Record Privacy

Threats to the privacy of your medical information.
Protect the privacy of your social security number.
Tell your physician everything necessary for proper treatment, but "think twice before disclosing information that has no bearing on your health." (Consumer Reports, Oct. 1994, p. 629).
Ask your doctor if any of the records can be accessed from outside the office. If so, ask for what purpose they may be accessed.
Before the office sends your medical records to another party, such as an insurance company, ask to view the record.
Ask for a notification if your medical records are ever subpoenaed.
Controlling access to other personal information.
Resources
Department of Health and Human Services Administration Simplification site has links to a variety of HIPAA information including all the Rules and the HIPAA legislation

Office for Civil RightsÛPrivacy of Health Records site includes answers to frequently asked questions (FAQs), guidance documents and complaint procedures

Georgetown University Health Privacy Project site includes updated information on state laws related to health privacy

National Association of Insurance Commissioners privacy page includes information related to regulation of health insurance

WEDI-Strategic National Implementation Process (SNIP) papers on security and privacy of health information

**dtr98** · 04-01-2005, 12:28 AM

patriot act

Originally Posted by Georgie

Well said, I don't know what the one guy was talking about. I would love for him to explain how you could obtain somone's medical records.

**phwSSJ** · 04-01-2005, 12:56 AM

I would listen to Georgie and Billy,

If you are really worried, then I would just flat out ask the doc.....
If I "my friend" did such n' such and he came to you, what would happen with paperwork and all that?

Or just tell them you did pro hormones!

But, I dont think they would do anything to screw you over, cuz they would just be shooting themselves in the foot.

Not to mention, most doctors dont know that much about steroids .
Even doctors that work on athletes.
You got to find specialists for real advice.
SO before you go and spill your guts, make sure your doc knows his schit!

**Georgie** · 04-01-2005, 01:21 AM

[QUOTE=Billy_Bathgate]it can go in the NIB, which is a nationwide database for insurance. it will be on your record, and as terminator said..its possible they could screw you about it

Can you provide any more information on this NIB? I have been looking around the net and can not find any information on a nationwide insurance database. I have also been doing a ton of research on HIPPA and medical privacy. HIPPA should protect you, but now you have got me all worried now. The type of employment I have been seeking does extensive background checks. I will be calling my insurance company tomorrow to see if I can simply be looked up in a database by SS# and have someone be able to determine who my insurance company is, and what doctors have treated me. I know for a fact, as stated in the previous post, there are very strict rules protecting medical records pertaining to substance abuse. Medical records would only do someone good if they knew where to look for them. You say the NIB could do that, but im not sure that exists. Can you please provide more info.

**Terminator1** · 04-01-2005, 10:08 AM

HIPAA is for group health plans only not individual and not life. I should have made it clearer in my earlier post but they only really look at medical records when doing an individual health insurance. Not group plans. Also in the uniform provision laws for individual health insurance it states that the insurer is not liable for any loss arising from the insured’s use of any drug not administered on the advice of a physician.
Factors used by Life insurance underwriters in evaluating risk include Age, sex, marital status, occupation, health, financial state, income and Medical history. One of the basic sources an underwriter uses in evaluating risk is the info provided by the attending physician regarding the health history of the applicant.

**phwSSJ** · 04-01-2005, 11:48 AM

Originally Posted by Terminator1

HIPAA is for group health plans only not individual and not life. I should have made it clearer in my earlier post but they only really look at medical records when doing an individual health insurance. Not group plans. Also in the uniform provision laws for individual health insurance it states that the insurer is not liable for any loss arising from the insured’s use of any drug not administered on the advice of a physician.
Factors used by Life insurance underwriters in evaluating risk include Age, sex, marital status, occupation, health, financial state, income and Medical history. One of the basic sources an underwriter uses in evaluating risk is the info provided by the attending physician regarding the health history of the applicant.

They sound like a bunch of dicks,
I would loose them and find another group.
But most of the time its hard to do that.