Your Health Information Is Protected By Federal Law
Most of us believe that our medical and other health information is private and should be protected,
and we want to know who has this information. The Privacy Rule, a Federal law, gives you rights over your health information
and sets rules and limits on who can look at and receive your health information.
Who Must Follow This Law
We call the entities that must follow the Privacy Rule covered entities.
Covered entities include:
- Health Plans, including health insurance companies, HMOs, company health plans, and certain
government programs that pay for health care, such as Medicare and Medicaid.
- Most Health Care Providers—those that conduct certain business electronically, such as
electronically billing your health insurance—including most doctors, clinics, hospitals, psychologists, chiropractors,
nursing homes, pharmacies, and dentists.
- Health Care Clearinghouses—entities that process nonstandard health information they
receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
-
Hide Details
Who Is Not Required to Follow This Law
Many organizations that have health information about you do not have to follow this law.
Examples of organizations that do not have to follow the Privacy Rule include:
- life insurers,
- employers,
- workers compensation carriers,
- many schools and school districts,
- many state agencies like child protective service agencies,
- many law enforcement agencies,
- many municipal offices.
Hide Details
What Information Is Protected
- Information your doctors, nurses, and other health care providers put in your medical record
- Conversations your doctor has about your care or treatment with nurses and others
- Information about you in your health insurer’s computer system
- Billing information about you at your clinic
- Most other health information about you held by those who must follow this law
Hide Details
How Is This Information Protected
- Covered entities must put in place safeguards to protect your health information.
- Covered entities must reasonably limit uses and disclosures to the minimum necessary to accomplish
their intended purpose.
- Covered entities must have contracts in place with their contractors and others ensuring that
they use and disclose your health information properly and safeguard it appropriately.
- Covered entities must have procedures in place to limit who can view and access your health information
as well as implement training programs for employees about how to protect your health information.
Hide Details
What Rights Does This Law Give Me Over My Health Information
Health Insurers and Providers who are covered entities must comply with your right to:
- Ask to see and get a copy of your health records
- Have corrections added to your health information
- Receive a notice that tells you how your health information may be used and shared
- Decide if you want to give your permission before your health information can be used or shared for
certain purposes, such as for marketing
- Get a report on when and why your health information was shared for certain purposes
- If you believe your rights are being denied or your health information isn’t being protected,
you can
- File a complaint with your provider or health insurer
- File a complaint with the U.S. Government
You should get to know these important rights, which help you protect your health information.
You can ask your provider or health insurer questions about your rights.
Learn more about your health information privacy rights. http://www.hhs.gov/ocr/privacy/index.html
|