A federal law, the Health Insurance Portability and Accountability Act (HIPAA), gives you the right to keep your health information private. HIPAA and some state laws affect how your health information can be used or shared.
What Are Your Rights?
Health care providers and health insurers who are required to follow HIPAA must comply with your right to:
- Ask to see and get a copy of your health records
- Have errors in your health records corrected
- Receive notice on how your health information can be used or shared
- Decide if you want to allow your health information to be used or shared
- Get a report on when and why your health information was shared
- File a complaint with your provider or with the federal Department of Health and Human Services if you believe your rights are violated or your health information is not being protected
While you must give your written permission for the use or sharing of your health information to your employer or mental health counselors or for marketing or advertising purposes, your health information can be used and shared without your permission for the following purposes:
- Your treatment and the coordination of care
- Payments to health care professionals for your care and treatment
- Family members and friends that you identify as being involved in your health care or health care bills
- Ensure that you are provided good care by doctors and a clean and safe environment in nursing homes
- Protect the public health by reporting flu and virus incidents in your area
- Make required public safety reports such as gunshot wounds
What Information Is Protected?
HIPAA requires that the following health and medical information be protected from unauthorized use or sharing:
- Information placed in your medical records by health care professionals
- Conversations that your doctor has with other health care professionals about your care and treatment
- Information about you that is stored in your health insurer's data systems
- Billing information about you
- Any other health information that is kept by those who must comply with HIPAA
Who Must Comply with HIPAA?
The following people or entities are required to protect your public health information and to comply with HIPAA privacy safeguards:
- Doctors, nurses, pharmacies, hospitals, medical clinics, nursing homes and other health care providers
- Health insuring organizations including insurance companies, health maintenance organizations (HMOs), independent physician associations and provider networks
- Medicare, Medicaid and other state and federal government programs that pay for health care
If you believe that your health information privacy rights are being violated, you can file a HIPAA privacy complaint with the federal Department of Health and Human Services.
Questions For Your Attorney
- Must all health care providers follow HIPAA?
- Who is not required to follow HIPAA?
- How is the information protected?