HIPAA Rules Explained
New Medical Privacy Rules Meant to Protect Your Health Records
WebMD News Archive
April 22, 2003 -- HIPAA forms. You got them from your doctor. You got them from your pharmacist. You got them from your insurance company and maybe even from your employer. What's up?
Blame a deadline for the flurry of forms. On April 14, 2003, healthcare providers had to comply with HIPAA rules. On that date, everybody with access to your medical records had to be able to prove they had a plan for keeping those records private.
You had to sign a form agreeing that they told you they had a plan, and that they'll show it to you if you want to see it. And if you work for a company involved in keeping medical records, you had to show that you understood the new HIPAA rules.
Other than the forms, what's truly new? Don't look to the name for an explanation. HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. The original idea was to force the healthcare industry to save money by computerizing paper records. That led to concerns over privacy -- and new privacy regulations from the Department of Health and Human Services (HHS).
Here's the bottom line: HIPAA rules give you new rights to know about -- and to control -- how your health information gets used.
- Your healthcare provider and your insurance company have to explain how they'll use and disclose health information.
- You can ask for copies of all this information, and make appropriate changes to it. You can also ask for a history of any unusual disclosures.
- If someone wants to share your health information, you have to give your formal consent.
- You have the right to complain to HHS about violations of HIPAA rules.
- Health information is to be used only for health purposes. Without your consent, it can't be used to help banks decide whether to give you a loan, or by potential employers to decide whether to give you a job.
- When your health information gets shared, only the minimum necessary amount of information should be disclosed.
Psychotherapy records get an extra level of protection.