Health Information Privacy Practice Act

Purpose

• The purpose of HIPAA is to legally protect a person's personal health information. The rule regulates how health care providers or other entities that have that information can give it to other people or entities.

Covered Entities

• Covered entities must follow the HIPAA rules. Covered entities are health plans, most health care providers and health care clearinghouses. Health plans include health insurance companies, HMOs, company health plans, Medicare and Medicaid.

Protected Information

• HIPAA protects most of the health information that a covered entity has about you, including your medical records, conversations your doctor has about your medical care with other medical personnel, and your information in your health insurer’s computer system.

Who Can See Your Information

• A covered entity cannot use or share your health information without your written permission, unless HIPAA allows it. Situations allowed by law include providing you with medical treatment, paying medical bills, protecting the public's health or making required reports to the police. If you identify relatives, friends or others you want involved with your health care, covered entities can share information with those people.

Your Rights

• HIPAA also gives you certain rights, including receiving a copy of your health records, correcting your health information, receiving a notice from covered entities that tells you how they may use and store your health information and receiving a report on when and why an entity shared your information.