Summary of the HIPAA Privacy Rule
HIPAA is a federal law that gives you rights over your health information and sets rules and limits on who can look at and receive your health information.
You have the right to:
- Ask to see and get a copy of your health records.
- Have corrections added to your health information.
- Receive a notice that tells you how your health information may be used and shared.
- Decide if you want to give your permission before your health information can be used or shared for certain purposes, such as marketing.
- Get a report on when and why your health information was shared for certain purposes.
- If you believe your rights are being denied or your health information isn't being protected, you can:
- File a complaint with your provider or health insurer, or
- File a complaint with the U.S. Government.
You also have the right to ask your provider or health insurer questions about your rights. You also can learn more about your rights, including how to file a complaint from the Web site at www.hhs.gov/ocr/hipaa/ or by calling 1-866-627-7748.
Who Must Follow this Law?
- Doctors, nurses, pharmacies, hospitals, clinics, nursing homes, and many other healthcare providers.
- Health insurance companies, HMOs, most employer group health plans.
- Certain government programs that pay for healthcare, such as Medicare and Medicaid.
What Information is Protected?
- Information your doctors, nurses, and other healthcare providers put in your medical record.
- Conversations your doctor has had about your care or treatment with nurses and other healthcare professionals.
- Information about you in your health insurer's computer system.
- Billing information about you from your clinic/healthcare provider.
- Most other health information about you, held by those who must follow this law.
Providers and health insurers who are required to follow this law must keep your information private by:
- Teaching the people who work for them how your information may and may not be used and shared,
- Taking appropriate and reasonable steps to keep your health information secure.
To make sure that your information is protected in a way that does not interfere with your healthcare, your information can be used and shared:
- For your treatment and care coordination,
- To pay doctors and hospitals for your healthcare,
- With your family, relatives, friends or others you identify who are involved with your healthcare or your healthcare bills, unless you object,
- To protect the public's health, such as reporting when the flu is in your area, or
- To make required reports to the police, such as reporting gunshot wounds.
Your health information cannot be used or shared without your written permission unless this law allows it. For example, without your authorization, your provider generally cannot:
- Give your information to your employer.
- Use or share your information for marketing or advertising purposes, or
- Share private notes about your mental health counseling sessions.