Medical Records: Privacy Issues
There is a federal law, the Health Insurance Portability and Accountability Act (HIPAA), that gives you the right to keep your health information private. HIPAA and some state laws affect how your health information can be used or shared.
What Are Your Rights?
Health care providers and health insurers who are required to follow HIPAA must comply with your right to:
Ask to see and get a copy of your health records
Have errors in your health records corrected
Receive notice on how your health information can be used or shared
Decide if you want to allow your health information to be used or shared
Get a report on when and why your health information was shared
File a complaint with your provider or with the federal Department of Health and Human Services if you believe your rights are violated or your health information is not being protected
While you must give your written permission for the use or sharing of your health information to your employer or mental health counselors or for marketing or advertising purposes, your health information can be used and shared without your permission for the following purposes:
Your treatment and the coordination of care
Payments to health care professionals for your care and treatment
Family members and friends that you identify as being involved in your health care or health care bills
Ensure that you are provided good care by doctors and a clean and safe environment in nursing homes
Protect the public health by reporting flu and virus incidents in your area
Make required public safety reports such as gunshot wounds
What Information Is Protected?
HIPAA requires the following health and medical information be protected from unauthorized use or sharing:
Information placed in your medical records by health care professionals
Conversations that your doctor has with other health care professionals about your care and treatment
Information about you that is stored in your health insurer’s data systems
Billing information about you
Any other health information that is kept by those who must comply with HIPAA
Who Must Comply with HIPAA?
The following people or entities are required to protect your public health information and to comply with HIPAA privacy safeguards:
Doctors, nurses, pharmacies, hospitals, medical clinics, nursing homes and other health care providers
Health insuring organizations including insurance companies, health maintenance organizations (HMOs), independent physician associations and provider networks
Medicare, Medicaid and other state and federal government programs that pay for health care
If you believe that your health information privacy rights are being violated, you can file a HIPAA privacy complaint with the federal Department of Health and Human Services.