Health Record Privacy

Health Record Privacy
Photo by National Cancer Institute / Unsplash

HIPAA (Health Insurance Portability and Accountability Act of 1996)

The Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that healthcare providers and healthcare insurance companies safely store and transfer individually identifiable health information, or protected health information, as well as use reasonable diligence when accessing or using a person’s protected health information. HIPAA dedicates two sections of its Act to its Privacy and Security rules, and enforces those sections through criminal and civil penalties.

Health Care providers must:
+ Safely store your protected health information to protect from loss, breach, theft, compromise, or improper disposal
+ Not unnecessarily use or disclose protected health information
+ Obtain authorization to use or disclose your personal data for reasons other than treatment, processes related to obtaining payment, or procedure purposes
+ Protect health information whether electronic or physical records

Individuals have the right:
+ To make requests and obtain timely access to protected health information for which they are subject of, such as a personal health records
+ To authorize the transfer or disclosure of their protected health information to organizations which will assist in treatment, or maintaining or storing of such records

Certain organizations that do not have to follow the Privacy and Security laws include:
+ Life insurers
+ Employers
+ Workers compensation carriers
+ Schools and school districts
+ State agencies
+ Law enforcement agencies
+ Municipal offices

The HITECH section of HIPAA emphasizes the security requirements of HIPAA, requiring that should a breach affecting 500 or more persons occur, an organization must provide notification of the compromise to each affected person. A breach occurs when a person’s protected health information is accessed without authorization.

To learn more, please visit: