How HIPAA helps protect your privacy

September 08, 2011 By Sabrena Gregrich

If you've been to the hospital or doctor's office, you likely were given a copy of their privacy practices, then asked to sign a form stating that you received or were offered those practices.

You have HIPAA (the Health Insurance Portability and Accountability Act) to thank for the privacy practices and form. While healthcare providers have long been concerned about patient privacy, HIPAA, passed in 1996, made protecting patient information law.

Part of that law is the HIPAA Privacy Rule, which set national standards on how information like medical records and other personal health information (PHI) must be protected. PHI, according to the Privacy Rule, is “individually identifiable health information”, including:

• A person's past, present or future physical and mental health conditions
• Information about care provided to a person
• Information about payment for that care
• Other identifying information, including a person's name, address, birth date and Social Security number

While a major goal of the Privacy Rule is to ensure that PHI is properly protected, the rule also allows for the flow of health information needed to provide quality health care. For example, if you have a blood test, the lab conducting the test must be able to send results to the doctor treating you. Under the Privacy Rule, that transfer of test results or sharing of other PHI is permissible without the patient's written authorization as long as it is for the purpose of treatment, payment, or healthcare operations.

On the other hand, the Privacy Rule prohibits the lab from sending test results to people or facilities not involved in your care, or for any other purposes that do not involve treatment, payment, or healthcare operations. In these situations, information cannot be shared without a HIPAA-compliant “Authorization for Release of Medical Information” signed by the patient or his/her legal representative.

The HIPAA Privacy Rule contains many other strict standards on how healthcare providers, health plans (including insurance companies) and certain other entities handle PHI. It also gives you the right to:

• See and get a copy of your health records
• Have corrections added to your health information
• Receive a notice telling you how your health information may be used and shared
• Get a report on when and why your health information was shared for certain purposes

If you believe your rights are being denied or your health information isn't being protected, you can file a complaint with your healthcare provider or health insurer, or with the U.S. Government.
To learn more about HIPAA and how it affects you, visit the U.S. Department of Health and Human Services website and search for HIPAA.

Sabrena Gregrich is the director of Health Information Management and Privacy Officer at The Hospital of Central Connecticut.