Health Information Privacy (HIPAA)

The Health Insurance Portability & Accountability Act of 1996 (“HIPAA”) requires that all medical records and other individually identifiable health information to be kept confidential. HIPAA gives you the right to understand and control how your health Information is used. There are  penalties for misuse of personal health information.

What’s Protected 

  • Information your doctors, nurses, and other health care providers put in your medical record
  • Conversations your doctor has about your care or treatment with nurses/others
  • Information about you in your health insurer’s computer system
  • Billing information about you at your clinic
  • Most other health information about you held by those who must follow this law

How It’s Protected  
Covered entities (healthcare providers and others who are bound by HIPAA) must:

  • put in place safeguards to protect your health information.
  • reasonably limit uses and disclosures to the minimum necessary to accomplish their intended purpose.
  • have contracts in place with their contractors and others ensuring that they use and disclose your health information properly and safeguard it appropriately.
  • have procedures in place to limit who can view and access your health information as well as implement training programs for employees about how to protect your health information.

Who Can See and Receive Your Health Information 
Your  health information can be used and shared:

  • For your treatment and care coordination
  • To pay doctors and hospitals for your health care and to help run their businesses
  • With your family, relatives, friends, or others involved with your health care or your health care bills, unless you object
  • To make sure doctors give good care and nursing homes are clean and safe
  • To protect public health, such as reporting when the flu is in your area
  • To make required reports to the police, such as reporting gunshot wounds

Unless this law allows it, your health information cannot be used or shared without your written permission. Your healthcare provider generally is not allowed to:

  • Give information to your employer
  • Use or share your information for marketing or advertising purposes
  • Share private notes about your health care

For more information about consumer privacy rights, visit the government Health & Human Services website.