The HIPAA privacy rule protects individual’s medical records and other personal health information and applies to health plans, a health care clearinghouse, and those health care providers that conduct certain health care transactions electronically. The requirement under the rule is to establish safeguards to protect the privacy of personal health information and sets limits on the uses and disclosures that may be made of private health information without the patient’s authorization. HIPAA specifically requires covered entities to have written private policies, employee training, and a privacy officer. A covered entity includes a health plan, a healthcare clearinghouse, or a health care provider who transmits any health information in electronic form in connection with the transaction covered by the subchapter of the statute. 45 CFR. § 160.103. There are certain patient protections under the privacy rule that are established which are access to medical records, notice of privacy practices, limits on use of personal medical information, prohibition on marketing, stronger state laws, confidential communications, and the ability to file complaints directly with the health care provider or with the office of civil rights.

Who Must Follow This Law?

All doctors, nurses, pharmacies, hospitals, clinics, nursing homes and other health care providers must follow HIPAA privacy laws. This also includes health insurance companies, HMO’s and most employer group health plans. Also included are certain government programs that pay for health care such as Medicare and Medicaid.

What Information is Protected?

All information from your doctors, nurses and other health care providers that are put into your medical record. Also protected are conversations with your doctor regarding your health care or treatment, as well as conversations with your nurses and other health care professionals. Protected information also includes all information about you in your health insurer’s computer system, billing information about you from your clinic or health care provider and almost all other health information about you that are held by the covered entities. It is important that health care providers that are covered under HIPAA take proactive measures to make sure that they are in compliance with the law. This means teaching employees about the law including how information from a patient may or may not be used and taking appropriate and reasonable steps to keep patients health information secure.