HIPAA Rules Explained
New Medical Privacy Rules Meant to Protect Your Health Records
April 22, 2003 -- HIPAA forms. You got them from your doctor.
You got them from your pharmacist. You got them from your insurance company and
maybe even from your employer. What's up?
Blame a deadline for the flurry of forms. On April 14, 2003,
healthcare providers had to comply with HIPAA rules. On that date, everybody
with access to your medical records had to be able to prove they had a plan for
keeping those records private.
You had to sign a form agreeing that they told you they had a
plan, and that they'll show it to you if you want to see it. And if you work
for a company involved in keeping medical records, you had to show that you
understood the new HIPAA rules.
Other than the forms, what's truly new? Don't look to the name
for an explanation. HIPAA stands for the Health Insurance
Portability and Accountability Act of 1996. The original
idea was to force the healthcare industry to save money by computerizing paper
records. That led to concerns over privacy -- and new privacy regulations from
the Department of Health and Human Services (HHS).
Here's the bottom line: HIPAA rules give you new rights to know
about -- and to control -- how your health information gets used.
- Your healthcare provider and your insurance company have to explain how
they'll use and disclose health information.
- You can ask for copies of all this information, and make appropriate
changes to it. You can also ask for a history of any unusual disclosures.
- If someone wants to share your health information, you have to give your
- You have the right to complain to HHS about violations of HIPAA rules.
- Health information is to be used only for health purposes. Without your
consent, it can't be used to help banks decide whether to give you a loan, or
by potential employers to decide whether to give you a job.
- When your health information gets shared, only the minimum necessary amount
of information should be disclosed.
- Psychotherapy records get an extra level of protection.
WebMD asked Kimberly Rask, MD, PhD, director the center on
health outcomes and quality at Emory University's Rollins School of Public
Health, to put HIPAA rules into perspective.
Q: What does HIPAA mean to the average person? What has
Rask: The intent is to protect the privacy of your health
information. What's different is that HIPAA puts some very specific rules in
place about when, how, and what kind of information can be shared. Also, it
makes sure that the person whose information is being shared is aware of that
Q: What will happen when we see our doctors?