The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted to protect your private information while allowing the transfer of health information to ensure that each individual receives high-quality health care.
What information is protected?
HIPAA protects “all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form of media, whether electronic, paper or oral.”
This information includes demographic data that relates to the individual’s past, present or future physical or mental health. Any information that can identify a patient is protected by law.
It can include:
- a patient’s name, social security number, or telephone number
- a medical record
- specific dates such as birth, admission, discharge or death
- the provision of healthcare to an individual
- the payment for health care or billing information
Where can this information be found?
Identifiable information can be found on computers, laptops, servers, paper files, smartphones, copier and printer memory queues, medical devices and USBs.
Who must comply with HIPAA?
Any person or organization that stores or exchanges individually identifiable health information electronically, such as a health care provider and their suppliers and vendors, is required to comply with HIPAA.
What are my rights as a patient?
Not only does HIPAA protect your privacy, but it also gives you the right to look at and obtain a copy of your health records. You also have the right to request corrections to your records.
What are my rights as an employee?
In most cases, HIPAA does not apply to the actions of an employer. The Privacy Rule does not protect your employment records, even if the information in those records is related to your health. Your employer can ask you for a doctor’s note or other details if they need the information for sick leave, workers’ compensation, wellness programs or health insurance. If your employer asks your health care provider directly for the information, it cannot be provided without your authorization, unless other laws require action.
HIPAA protects the confidentiality and privacy of patient records and other patient identifiable information in any form. The Department of Health and Human Services enforces the Privacy Rule. If you believe that your information was shared without your consent, contact your lawyer for assistance with your case.