1/19/2017

YourRightsUnderHIPAA|HHS.gov

HHS.gov

U.S.DepartmentofHealth&HumanServices

HealthInformationPrivacy

YourRightsUnderHIPAA
HHS OCR - Your Health Information, Your Rights

Mostofusbelievethatourmedicalandotherhealthinformationisprivateandshouldbeprotected,and
wewanttoknowwhohasthisinformation.ThePrivacyRule,aFederallaw,givesyourightsoveryour
healthinformationandsetsrulesandlimitsonwhocanlookatandreceiveyourhealthinformation.The
PrivacyRuleappliestoallformsofindividuals'protectedhealthinformation,whetherelectronic,written,or
oral.TheSecurityRuleisaFederallawthatrequiressecurityforhealthinformationinelectronicform.

HIPAARightofAccessVideos
OCRhasteamedupwiththeHHSOfficeoftheNationalCoordinatorforHealthITtocreateYourHealth
Information,YourRights!,aseriesofthreeshort,educationalvideos(inEnglishandoptionforSpanish
captions)tohelpyouunderstandyourrightunderHIPAAtoaccessandreceiveacopyofyourhealth
information.
IndividualsRightunderHIPAAtoAccesstheirHealthInformation
HIPAAAccessAssociatedFeesandTiming
HIPAAAccessandThirdParties

HIPAARightofAccessInfographic

https://www.hhs.gov/hipaa/forindividuals/guidancematerialsforconsumers/index.html

1/6

1/19/2017

YourRightsUnderHIPAA|HHS.gov

OCRhasteamedupwiththeHHSOfficeoftheNationalCoordinatorforHealthITtocreatethisonepage
factsheet,withillustrations,thatprovidesanoverallsummaryofyourrightsunderHIPAA:
YourHealthInformation,YourRights!PDF

HIPAAGeneralFactSheets
YourHealthInformationPrivacyRightsPDF
Privacy,Security,andElectronicHealthRecordsPDF
UnderstandingtheHIPAANoticePDF
SharingHealthInformationwithFamilyMembersandFriendsPDF

WhoMustFollowTheseLaws
WecalltheentitiesthatmustfollowtheHIPAAregulations"coveredentities."
Coveredentitiesinclude:
HealthPlans,includinghealthinsurancecompanies,HMOs,companyhealthplans,andcertain
governmentprogramsthatpayforhealthcare,suchasMedicareandMedicaid.
MostHealthCareProvidersthosethatconductcertainbusinesselectronically,suchaselectronically
billingyourhealthinsuranceincludingmostdoctors,clinics,hospitals,psychologists,chiropractors,
nursinghomes,pharmacies,anddentists.
HealthCareClearinghousesentitiesthatprocessnonstandardhealthinformationtheyreceivefrom
anotherentityintoastandard(i.e.,standardelectronicformatordatacontent),orviceversa.
Inaddition,businessassociatesofcoveredentitiesmustfollowpartsoftheHIPAAregulations.
Often,contractors,subcontractors,andotheroutsidepersonsandcompaniesthatarenotemployeesofa
coveredentitywillneedtohaveaccesstoyourhealthinformationwhenprovidingservicestothecovered
entity.Wecalltheseentitiesbusinessassociates.Examplesofbusinessassociatesinclude:
Companiesthathelpyourdoctorsgetpaidforprovidinghealthcare,includingbillingcompaniesand
companiesthatprocessyourhealthcareclaims
Companiesthathelpadministerhealthplans

https://www.hhs.gov/hipaa/forindividuals/guidancematerialsforconsumers/index.html

2/6

1/19/2017

YourRightsUnderHIPAA|HHS.gov

Peoplelikeoutsidelawyers,accountants,andITspecialists
Companiesthatstoreordestroymedicalrecords
Coveredentitiesmusthavecontractsinplacewiththeirbusinessassociates,ensuringthattheyuseand
discloseyourhealthinformationproperlyandsafeguarditappropriately.Businessassociatesmustalso
havesimilarcontractswithsubcontractors.Businessassociates(includingsubcontractors)mustfollowthe
useanddisclosureprovisionsoftheircontractsandthePrivacyRule,andthesafeguardrequirementsof
theSecurityRule.

WhoIsNotRequiredtoFollowTheseLaws
Manyorganizationsthathavehealthinformationaboutyoudonothavetofollowtheselaws.
ExamplesoforganizationsthatdonothavetofollowthePrivacyandSecurityRulesinclude:
Lifeinsurers
Employers
Workerscompensationcarriers
Mostschoolsandschooldistricts
Manystateagencieslikechildprotectiveserviceagencies
Mostlawenforcementagencies
Manymunicipaloffices

WhatInformationIsProtected
Informationyourdoctors,nurses,andotherhealthcareprovidersputinyourmedicalrecord
Conversationsyourdoctorhasaboutyourcareortreatmentwithnursesandothers
Informationaboutyouinyourhealthinsurerscomputersystem
Billinginformationaboutyouatyourclinic
Mostotherhealthinformationaboutyouheldbythosewhomustfollowtheselaws

HowThisInformationIsProtected
https://www.hhs.gov/hipaa/forindividuals/guidancematerialsforconsumers/index.html

3/6

1/19/2017

YourRightsUnderHIPAA|HHS.gov

HowThisInformationIsProtected
Coveredentitiesmustputinplacesafeguardstoprotectyourhealthinformationandensuretheydonot
useordiscloseyourhealthinformationimproperly.
Coveredentitiesmustreasonablylimitusesanddisclosurestotheminimumnecessarytoaccomplish
theirintendedpurpose.
Coveredentitiesmusthaveproceduresinplacetolimitwhocanviewandaccessyourhealth
informationaswellasimplementtrainingprogramsforemployeesabouthowtoprotectyourhealth
information.
Businessassociatesalsomustputinplacesafeguardstoprotectyourhealthinformationandensure
theydonotuseordiscloseyourhealthinformationimproperly.

WhatRightsDoesthePrivacyRuleGiveMeoverMyHealthInformation?
Healthinsurersandproviderswhoarecoveredentitiesmustcomplywithyourrightto:
Asktoseeandgetacopyofyourhealthrecords
Havecorrectionsaddedtoyourhealthinformation
Receiveanoticethattellsyouhowyourhealthinformationmaybeusedandshared
Decideifyouwanttogiveyourpermissionbeforeyourhealthinformationcanbeusedorsharedfor
certainpurposes,suchasformarketing
Getareportonwhenandwhyyourhealthinformationwassharedforcertainpurposes
Ifyoubelieveyourrightsarebeingdeniedoryourhealthinformationisntbeingprotected,youcan
Fileacomplaintwithyourproviderorhealthinsurer
FileacomplaintwithHHS
Youshouldgettoknowtheseimportantrights,whichhelpyouprotectyourhealthinformation.
Youcanaskyourproviderorhealthinsurerquestionsaboutyourrights.
LearnmoreaboutyourhealthinformationprivacyrightsPDF.

WhoCanLookatandReceiveYourHealthInformation
https://www.hhs.gov/hipaa/forindividuals/guidancematerialsforconsumers/index.html

4/6

1/19/2017

YourRightsUnderHIPAA|HHS.gov

WhoCanLookatandReceiveYourHealthInformation
ThePrivacyRulesetsrulesandlimitsonwhocanlookatandreceiveyourhealthinformation
Tomakesurethatyourhealthinformationisprotectedinawaythatdoesnotinterferewithyourhealth
care,yourinformationcanbeusedandshared:
Foryourtreatmentandcarecoordination
Topaydoctorsandhospitalsforyourhealthcareandtohelpruntheirbusinesses
Withyourfamily,relatives,friends,orothersyouidentifywhoareinvolvedwithyourhealthcareoryour
healthcarebills,unlessyouobject
Tomakesuredoctorsgivegoodcareandnursinghomesarecleanandsafe
Toprotectthepublic'shealth,suchasbyreportingwhenthefluisinyourarea
Tomakerequiredreportstothepolice,suchasreportinggunshotwounds
Yourhealthinformationcannotbeusedorsharedwithoutyourwrittenpermissionunlessthislawallowsit.
Forexample,withoutyourauthorization,yourprovidergenerallycannot:
Giveyourinformationtoyouremployer
Useorshareyourinformationformarketingoradvertisingpurposesorsellyourinformation
SignUpfortheOCRPrivacyListserv
KeepuptodateasOCRreleasesupdatedhealthinformationprivacyFAQs,guidance,andtechnical
assistancematerials.

HealthInformationPrivacyInformationinMultipleLanguages
Chinese
SimplifiedChinese
Korean

https://www.hhs.gov/hipaa/forindividuals/guidancematerialsforconsumers/index.html

5/6

1/19/2017

YourRightsUnderHIPAA|HHS.gov

PolskiPolish
PRussian
EspaolSpanish
Tagalog(Filipino)
TingVitVietnamese

ContentcreatedbyOfficeforCivilRights(OCR)

https://www.hhs.gov/hipaa/forindividuals/guidancematerialsforconsumers/index.html

6/6