Recently, after I switched employers and started a new job, I went through my health insurance options along with all the other HR paperwork that coincides with being a new hire. Generally speaking, most of the paperwork for health insurance is pretty cumbersome, and it typically includes a few different health insurance options with detailed information on coverage provided and associated costs.

Once you’ve gone through all of the options and finally settle on a choice, then it’s time to fill out the requisite paperwork to sign up for coverage. The paperwork consists of multiple pages of small font and dense text requiring your personal information and signatures on many different sections.

Because a vast majority of the paperwork must be filled out and signed to obtain health insurance coverage, it’s not uncommon for people to quickly go through each section and provide their information and/or signature.

And this is where I almost signed away my medical and health information privacy without noticing.

Authorization to Release Medical Information and Signature

In my particular case, section G contained the optional release language and signature. I was getting ready to review the section and sign—just like the previous sections I went through—until I read the first sentence:

“I authorize [Health] Insurance Company and its affiliates…to obtain, use and disclose my medical, claim or benefit records, including any individually identifiable health information contained in these records.”

The initial sentence immediately caught my attention. Why would I allow the health insurance company’s many affiliates to access my medical records? However, as a large insurance company, it’s understandable that they would have a complex business structure with many different entities. But I still found it odd that they would need express permission for my health insurance information. Then I read the extent of access being requested for these affiliates.

“I understand that these records may contain information created by other persons or entities (including health care providers) as well as information regarding the use of alcohol, HIV/AIDS, mental health (other than psychotherapy notes), sexually transmitted disease and reproductive health services.”

This kind of access seemed somewhat intrusive but not necessarily out of the ordinary. While I was wary, I was wondering if I would be required to sign this release information to obtain health insurance through my employer. But, if I was forced to sign and release my medical and health information, was it a violation of my medical privacy rights under the federal HIPAA Privacy Rule? Reading more into Section G, I soon found my answer buried in the middle of the text.

“I understand that this authorization is voluntary and I may refuse to sign the authorization. My refusal may, however, affect my ability to enroll in the health plan or receive benefits, if permitted by law.”

Okay, so the section is optional. That’s important to know. However, the subsequent sentence sure makes it sound like refusing to sign could jeopardize my ability to obtain health insurance through my employer. Maybe it’s worth signing Section G just to ensure that there are no problems obtaining health insurance. My main concern, however, came from another section that explained I was “acknowledging” and, as a result, forfeiting my right to medical privacy by signing.

“As required by HIPAA, [Health Insurance Company] and Affiliates also request that I acknowledge the following, which I do: I understand that information I authorize a person or entity to obtain and use may be re-disclosed (with the exception of HIV/AIDS health information) and no longer protected by federal privacy regulations except as prohibited by state law.”

I found this language concerning. By signing this release, I would no longer have the full protection provided by HIPAA for my medical records privacy. I really wouldn’t know who would have access to my medical records and how that information would be used. Ultimately, I had no intention of signing away my rights to privacy and confidentiality. So, I decided to inquire a bit more about the issue.

Due Diligence Protected My Medical and Health Privacy

From reading into Section G, I was clearly able to understand that signing it would forfeit my rights to medical and health information privacy under the federal HIPAA Privacy Rule. I had no intention of signing it, but I wanted to know if my refusal to sign could adversely affect my ability to receive employer health insurance.

I brought up the issue with my company’s lawyer. He seemed surprised at the question but kindly reviewed the section. His reaction was priceless. He was shocked at the kind of access being requested and the ambiguity of how that information could be used. He said that he would never sign that section.

In the end, I did not sign that section, and I had no problems receiving health insurance through my employer. However, when I brought it up to colleagues during open enrollment at the end of the year, most people seemed to sign it without a second thought.

It is an important lesson: If you would like to maintain your privacy to the best extent possible, be diligent when reviewing and signing the sections in your employee health insurance documents.