The last time you visited a doctor’s office or hospital, you were given a privacy notice and asked to sign a form. Like many people anxious to see their physician, you likely signed the papers without fully reading or understanding them.
These forms are part of the Health Insurance Portability and Accountability Act (HIPAA) enacted by Congress in 1996. The HIPAA Privacy Rule provides federal protections for your health information and gives patients rights with respect to that information, says Brett Short, chief compliance officer at the University of Kentucky. He adds, “It also provides guidelines for the sharing of health information needed for patient care between physicians, nurses, and those involved with your care.”
The notice you sign describes the ways care providers can use and disclose your protected health information, he says. It must also explain that permission is required before using your health records for any reason generally outside treatment, payment, and healthcare operations.
HIPAA protects information collected by your provider while delivering care, Short says.
Entities covered under HIPAA include your health plan, clearing houses, and care providers such as doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.
Insurers and care providers covered under HIPAA must comply with your right to:
• Receive a copy of your health records.
• Request that corrections be added to your health record.
• Receive a notice that tells you how your health information can be used and shared.
• Decide if you want to give your permission for information to be used or shared for purposes such as marketing.
• Request an “accounting for disclosures,” a report on when and why your health information was shared.
For more information, go online to www.hhs.gov/ocr/privacy.