
HIPAA and your federal health information protection explained

16 May 2011

The Health Insurance Portability and Accountability Act (HIPAA) provides rights and protections for participants and beneficiaries in group health plans. The Privacy Rule, a federal law, grants consumers rights over health information and promulgates rules and limitations on who can look at and receive personal health information. The Privacy Rule applies to all forms of individuals’ protected health information, whether electronic, written, or oral.

The Security Rule, a federal law that protects electronic health information, requires HIPAA-covered entities to ensure that electronic protected health information is secure.

Additionally, HIPAA includes protections limiting exclusions for preexisting conditions; prohibits discrimination against employees and dependents based on health status; and gives individuals in certain circumstances an opportunity to enroll in a new plan. HIPAA may also grant a right to purchase individual coverage if no group health plan coverage is available, and for those who may have exhausted COBRA or other types of continuation coverage.

You have the right to receive a copy of your health records

You can ask to see and get a copy of your medical records and other health information. In most cases, copies must be provided within 30 days of being requested, though there may be a fee associated with the cost of copying and mailing.

You can ask to have corrections made to your health information

You can ask that any misinformation in your medical records be corrected, or you may request to add information to an incomplete file. For example, if you and your hospital agree that your file has the wrong result for a test, the hospital must change it. Even if the hospital believes the test result is correct, you still have the right to note your disagreement in your file. In most cases the file should be changed within 60 days of the request to amend or change.

You can receive a notice that tells you how your health information is used and shared

Your provider or insurer must give you a notice that tells you exactly how they may use and share your health information. In most cases, you should receive this notice on your first visit to a provider, or in the mail from your health insurer. Additionally, you may request a copy at any time.

You can decide whether to give your permission before your information can be used or shared

Generally speaking, your health information cannot be given to your employer, used or shared for things like sales calls or advertising, or used or shared for any other purposes unless you grant express permission by signing an authorization form. This authorization form must tell you who will receive your information and what that information will be used for.

Who must follow this law?

Most doctors, nurses, pharmacies, hospitals, clinics, nursing homes, and other health care providers must follow this law. Also required to comply are health insurance companies, HMOs, most employer group health plans, and certain government programs such as Medicare and Medicaid.

Who may receive and view your health information

To ensure your health information is protected in a way that does not interfere with treatment, your information can be used and shared:

  • For treatment and care coordination;
  • To compensate doctors and hospitals for your health care and help run their businesses;
  • With your family, relatives, friends, or others you identify who are involved with your health care or payment, unless you object;
  • To ensure doctors give good care and nursing homes are clean and safe;
  • To protect the public’s health, such as by reporting when there is a flu outbreak; and
  • For mandatory reports to the police, such as reporting gunshot wounds. 

Your health information cannot be used or shared without your written permission unless this law allows it.

For example, without your authorization, your provider generally cannot:

  • Give your information to your employer;
  • Use or share your information for marketing or advertising purposes; or
  • Share private medical notes about your specific health care. 

You may request that your information not be shared

You can ask your provider or health insurer not to share your health information with certain people, groups, or companies, such as with other doctors or nurses in a particular hospital or clinic. However, they do not have to agree to do what you ask.

You have the right to file a complaint

You may file a complaint with your provider or health insurer if you suspect your information was used or shared in a way that is disallowed under the privacy law, or if you feel you were unable to exercise your legal rights.

Who Is Not Required to Follow These Laws

  • Life insurers;
  • Workers’ compensation carriers;
  • Most schools and school districts;
  • Many state agencies, such as child protective services;
  • Most law enforcement agencies; and
  • Many municipal offices. 

When you make your first visit to a doctor’s office, hospital, or other health care provider, you should be given a copy of your HIPAA rights, which you will be asked to sign. Make sure you read the entire document carefully, understand it, and request a copy for your own records.

Helpful links:

How to file a complaint

HIPAA FAQs

Notice of privacy practices

Summary of HIPAA privacy rule (PDF)

U.S. Department of Labor HIPAA pages

Sami K. Hartsfield, ACP is a freelance writer and paralegal in Houston. She holds a degree in paralegal studies with a 4.0 GPA and a bachelor of science degree in political science, graduating summa cum laude. Sami interned with Texas’ 14th Court of Appeals under Chief Justice Adele Hedges, and completed the University of Houston Law Center’s Summer 2008 Prelaw Institute. She is preparing to enter law school in the fall and holds a national advanced paralegal certification as well as six specialty certifications: Discovery; Trial Practice; Contracts Management; Individual & Entity Medical Liability; and Social Security Disability Law. You can find her on Facebook and e-mail her with questions, comments, or ideas at LegallyBlog@yahoo.com.


 Copyright 2011 Sami K. Hartsfield – All Rights Reserved
