Health care providers, including doctors, hospitals, clinics, psychologists, dentists, pharmacists, insurance carriers, and nursing homes, are covered entities under HIPAA.
The Privacy Rule applies to all forms of individuals' protected health information, whether electronic, written, or oral. The Security Rule is a Federal law that requires security for health information in electronic form.
What Information Is Protected
- Information your doctors, nurses, and other health care providers put in your medical record
- Conversations your doctor has about your care or treatment with nurses and others
- Information about you in your health insurer’s computer system
- Billing information about you at your clinic
- Most other health information about you held by those who must follow these laws
When a patient files a complaint regarding a HIPAA violation, the Office of Civil Rights investigates the complaint. The organization may be found not to have had a violation, may voluntarily make changes to be in compliance, or may have to pay a fine per violation.
Health insurers and providers who are covered entities must comply with your right to:
- Ask to see and get a copy of your health records
- Have corrections added to your health information
- Receive a notice that tells you how your health information may be used and shared
- Decide if you want to give your permission before your health information can be used or shared for certain purposes, such as for marketing
- Get a report on when and why your health information was shared for certain purposes
If you believe your rights are being denied or your health information isn’t being protected, you can:
- File a complaint with your provider or health insurer
- File a complaint with the U.S. Government