Privacy in health care

What is HIPAA and what does it mean for you? 

WHEN VISITING YOUR DOCTOR’S OFFICE, you likely sign a lot of paperwork, including a privacy notice. But like many people, you might sign your signature without fully reading the papers.

These forms are part of the Health Insurance Portability and Accountability Act (HIPAA) enacted in 1996. In general, the HIPAA Privacy Rule provides federal protections for your personal health information and gives you rights as a patient with respect to that information. It also provides guidelines for the sharing of information among medical professionals when needed for patient care. 

The notice you sign at registration describes the ways the health care entity can use and disclose your protected health information. The primary uses permitted under HIPAA are for treatment, payment and operations. 

Protected information includes what is created or collected by your provider while delivering care. It also includes information about you in your health insurer’s computer system, billing information, and most other health-related information about you kept by groups that are required by law to follow these rules. 

So, what does it mean? Covered entities must reasonably limit how they use and release your information. They must have formal agreements in place with contractors and others ensuring they use and disclose your health information appropriately and safeguard it. 

They also must have procedures that limit who can view and access your health information and implement training programs for employees about how to protect your information. In our interconnected world, these protections facilitate access to patient information for treatment purposes while still setting important privacy and security standards for all health care providers to follow. 

For more information about HIPAA and health information privacy, go to www.hhs.gov/ocr/privacy.

RICHARD CHAPMAN is chief privacy officer at UK HealthCare.