Protecting the Privacy and Security of Your Health Information
The privacy and security of patient health information is a top priority for patients and their families, health care providers and professionals, and the government. Federal laws require many of the key persons and organizations that handle health information to have policies and security safeguards in place to protect your health information — whether it is stored on paper or electronically.
The (HIPAA) Privacy, Security, and Breach Notification Rules are the main Federal laws that protect your health information. The Privacy Rule gives you rights with respect to your health information. The Privacy Rule also sets limits on how your health information can be used and shared with others. The Security Rule sets rules for how your health information must be kept secure with administrative, technical, and physical safeguards.
You may have additional protections and health information rights under your State's laws. There are also Federal laws that protect specific types of health information, such as .
Your Health Information Rights
The (HIPAA) Privacy Rule provides you with health information privacy rights. These rights are important for you to know. You can exercise these rights, ask questions about them, and file a complaint if you think your rights are being denied or your health information isn't being protected.
Accessing Your Health Information
You have the right to receive copies of your health information from your doctor and from other providers, such as physical therapists and social workers. If your health care provider keeps your records electronically, you have a right to receive them in either electronic or paper form.
Your Privacy Rights
If you believe your health information privacy has been violated, the U.S. Department of Health and Human Services has a division, the , to educate you about your privacy rights, enforce the rules, and help you file a complaint.
Your Health Information Security
Health care providers and other key persons and organizations that handle your health information must protect it with passwords, encryption, and other technical safeguards. These are designed to make sure that only the right people have access to your information.