UK HealthCare

Patient Guide to Understanding Medical Privacy Notices

By Brett Short, Chief Compliance Officer at the University of Kentucky

LEXINGTON, KY (Jan. 25, 2011) -- The last time you visited a doctor's office or a hospital, you were given a privacy notice and asked to sign a form. Like many people anxious to see their physician, you likely signed the papers without fully reading them.

These forms are part of the Health Insurance Portability and Accountability Act (HIPAA) enacted by Congress in 1996. In general, the HIPAA Privacy Rule provides federal protections for your personal health information and gives patients rights with respect to that information. It also provides guidelines for the sharing of health information needed for patient care between physicians, nurses and those involved with your care.

The notice you sign describes the ways the health care entity can use and disclose your protected health information. It must also explain that they will need your permission before using your health records for any other reason generally outside treatment, payment and health care operations.

Information protected under HIPAA includes information that is created or collected by your provider in the course of delivering care. It also includes information about you in your health insurer’s computer system, billing information, and most other health-related information about you held by entities required by law to follow these rules.

These entities covered under HIPAA generally include your health plan, clearing houses and your health care providersuch as doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies and dentists.

So what does it mean? Covered entities must reasonably limit how it uses and releases your information to accomplish their intended purpose. They must have formal agreements in place with their contractors and others ensuring that they use and disclose your health information appropriately and safeguard it.

In addition, they must have procedures that limit who can view and access your health information as well as implement training programs for employees about how to protect your health information.

HIPAA also gives you as the patient rights related to your information such as allowing you to ask to see and get a copy of your health records, request corrections added to your health information, and receive a notice that tells you how your health information could be used and shared with others.

In addition, HIPAA controls how a HIPAA Covered Entity releases information. If your employer requests health information to administer sick leavethey may ask you to provide a doctor's note or other information. However, if your employer asks your health care provider directly for information about you, your provider cannot disclose the information in response without your written authorization. 

For more information about HIPAA and health information privacy, got to http://www.hhs.gov/ocr/privacy/.