
Understanding HIPAA

One of the most time-consuming aspects of visiting a new doctor or changing your health insurance is filling out your medical history. After you’ve filled out a mountain of forms, you’ll be asked to sign a Notice of Privacy Practices, which is required by the Health Insurance Portability and Accountability Act. If you’re concerned about who has access to your medical records or how they can be used, you need to understand what protections HIPAA provides.


What is HIPAA?

The Health Insurance Portability and Accountability Act is a federal law that was passed in 1996. The law governs who can look at and receive your health information and gives you certain rights when it comes to how your information can be shared. The law also requires health care providers and insurance companies to give you a copy of the Notice of Privacy Practices.

The Notice must explain how your doctor or insurer is allowed to use your information, who they’re allowed to share it with, how to get a copy of your medical history, how to request corrections to your history if necessary, what your doctor or insurer’s legal obligations are with regard to protecting your health information and who you can contact to get more information about their privacy policies.

What Information is Protected?

Generally, any information that goes into your medical record is protected under HIPAA, whether it’s put there by your doctor, a nurse or another health care provider. This also includes any conversations your doctor has regarding your care with nurses or other medical staff. Any information that your health insurer maintains on file is also protected, as is your billing information. But the information is only protected if it’s on record with an individual or organization that’s bound by HIPAA law.

HIPAA Compliance

The types of entities that are required to adhere to HIPAA regulations can be broken into three groups: health plans, health care providers and health care clearinghouses. Health plans refer to health insurance companies, HMOs, company health plans and certain government-sponsored health plans like Medicaid and Medicare.

Generally, health care providers are required to comply with HIPAA if they conduct certain business electronically, like billing your health insurance company. This covers a wide range of health care providers, including most doctors, clinics, chiropractors, psychologists, nursing homes, dentists and pharmacies.

Health care clearinghouses are entities that convert health information from one format to another. For example, they may turn paper transcripts into an electronic file. Companies or businesses that perform services for one of the three covered entities must also follow certain HIPAA rules. This includes billing companies, claims processing companies, companies that help administer health plans and companies that destroy medical records.

Who Can Access Your Health Information

The HIPAA Privacy Rule limits who can view or receive your health information. It also dictates how your medical records can be used and shared. Generally, your information can be used or shared as follows:

  • To allow a health care provider to develop a treatment plan if you’re sick or injured
  • To pay doctors and hospitals for the health care services they provided you
  • To protect the public health
  • To provide necessary reports to the police if you’re injured as the result of a criminal act
  • To advise your family members, friends or anyone else you choose of your health status

Unless HIPAA regulations specify otherwise, you have to give your written permission in order for your information to be shared. This means that your doctor or insurer can’t share your health information with your employer or sell your information without your consent.

Your HIPAA Rights

Under the HIPAA guidelines, you’re granted certain rights that your doctor, insurance company or other covered entity is required to uphold. These rights include being able to get a copy of your medical records upon request; have your information corrected if necessary; get a copy of the privacy notice; decide when to grant permission for your information to be used; and get a report on when and why your information was shared for certain purposes.

Keeping your medical history safe should be a top priority and it’s important to understand what your rights are and how to protect them. If you think you’ve been denied your rights or your health information is at risk of being compromised, you can file a complaint with your health care provider or insurance company. If this doesn’t address the issue, you can also file a complaint with the Office for Civil Rights.

Photo Credit: archeshealth

Rebecca Lake Rebecca Lake is a retirement, investing and estate planning expert who has been writing about personal finance for a decade. Her expertise in the finance niche also extends to home buying, credit cards, banking and small business. She's worked directly with several major financial and insurance brands, including Citibank, Discover and AIG and her writing has appeared online at U.S. News and World Report, and Investopedia. Rebecca is a graduate of the University of South Carolina and she also attended Charleston Southern University as a graduate student. Originally from central Virginia, she now lives on the North Carolina coast along with her two children.