HIPAA: Protecting Personal Health Information
HIPAA is a set of rules that protects the privacy and security of personal health information (PHI). PHI includes identifying details such as names, addresses, and medical conditions. It can be in digital or paper form.
Covered Entities and Business Associates
A covered entity is a health care provider, insurance company, or health plan that handles your PHI and must comply with the HIPAA rules. Business associates are vendors that work with a covered entity to provide services or support the handling of your PHI. These vendors must have a contract that meets the requirements of HIPAA or be prohibited from accessing or using your information.
You can check online whether your company is a covered entity or a business associate by using the HHS web tool. You can also use this website to find out whether you need to comply with the HIPAA Privacy Rule or Security Rule.
Your Rights to Your Health Information
The HIPAA Privacy Rule provides protections for individually identifiable health information, such as your name, date of birth, address, medical record number, or Social Security Number. It applies to the transmission, storage, and disclosure of your PHI by any HIPAA-covered entity or business associate, including companies and government agencies.
Your Rights to Your Electronic Protected Health Information
The Security Rule provides additional safeguards for electronically transmitted PHI. It requires covered entities to implement security policies, procedures, and controls to protect your PHI.
Your Rights to Receive a Copy of Your PHI
You have the right to obtain a copy of all the information in your medical file unless the law says otherwise. The law also lets you request changes to your PHI if you believe that it is inaccurate or incomplete.
Your Rights to Your Medical Records
You should be able to receive a copy of your medical files within 60 days of the receipt of a written request from you or your attorney if requested by your doctor. If you do not want to receive a copy, you have the right to withdraw your consent for treatment or payment.
Your Rights to Your ePHI
The HIPAA Security Rule also provides you with the right to obtain a copy of your ePHI. It allows you to request a copy of any electronic file that contains your PHI, including a file that was downloaded by a third party or that is stored on an unsecured computer.
Your Rights to Your Physical Information
You can request a copy of your medical records in paper or digital form if you believe that they are inaccurate or incomplete. This can be a very useful tool for your doctor or other healthcare professional to refer back to when they are working with you.
Your Rights to Your Electronic ePHI
You have the right to receive a copy of any electronic file that contains a record of your health information, including any data you create or input into an electronic health record system. This can be a very useful tool when your doctor or other healthcare professional is working with you to develop an effective treatment plan.