Skip to content
My WebMD Sign In, Sign Up

50+: Live Better, Longer

Font Size

HIPAA Rules Explained

New Medical Privacy Rules Meant to Protect Your Health Records
By
WebMD Health News

April 22, 2003 -- HIPAA forms. You got them from your doctor. You got them from your pharmacist. You got them from your insurance company and maybe even from your employer. What's up?

Blame a deadline for the flurry of forms. On April 14, 2003, healthcare providers had to comply with HIPAA rules. On that date, everybody with access to your medical records had to be able to prove they had a plan for keeping those records private.

You had to sign a form agreeing that they told you they had a plan, and that they'll show it to you if you want to see it. And if you work for a company involved in keeping medical records, you had to show that you understood the new HIPAA rules.

Other than the forms, what's truly new? Don't look to the name for an explanation. HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. The original idea was to force the healthcare industry to save money by computerizing paper records. That led to concerns over privacy -- and new privacy regulations from the Department of Health and Human Services (HHS).

Here's the bottom line: HIPAA rules give you new rights to know about -- and to control -- how your health information gets used.

  • Your healthcare provider and your insurance company have to explain how they'll use and disclose health information.
  • You can ask for copies of all this information, and make appropriate changes to it. You can also ask for a history of any unusual disclosures.
  • If someone wants to share your health information, you have to give your formal consent.
  • You have the right to complain to HHS about violations of HIPAA rules.
  • Health information is to be used only for health purposes. Without your consent, it can't be used to help banks decide whether to give you a loan, or by potential employers to decide whether to give you a job.
  • When your health information gets shared, only the minimum necessary amount of information should be disclosed.
  • Psychotherapy records get an extra level of protection.

WebMD asked Kimberly Rask, MD, PhD, director the center on health outcomes and quality at Emory University's Rollins School of Public Health, to put HIPAA rules into perspective.

Q: What does HIPAA mean to the average person? What has changed?

Rask: The intent is to protect the privacy of your health information. What's different is that HIPAA puts some very specific rules in place about when, how, and what kind of information can be shared. Also, it makes sure that the person whose information is being shared is aware of that possibility.

Q: What will happen when we see our doctors?

Today on WebMD

Senior man doing press ups in gym
Slideshow
reflection of couple kissing
Quiz
 
man reviewing building plans
Quiz
Women working out and walking with weights
Community
 
fast healthy snack ideas
Article
how healthy is your mouth
Tool
 
dog on couch
Tool
doctor holding syringe
Slideshow
 
champagne toast
Slideshow
Youth listening to headphones
Slideshow
 
Man feeding woman
Slideshow
two senior women laughing
Article