The HIPAA Privacy Rule outlines the specific rights of individuals, medical professionals, hospitals, insurers and other “covered entities” that are subject to HIPAA laws. You can learn more here.
What are the rights that HIPAA covers?
HIPAA covers the following rights for the individual:
The right to see and obtain copies of your medical records
The right to request corrections to your medical records
The right to limit who can see the information in your medical records, withhold permission for your health information to be used or shared for marketing purposes, receive a statement that discloses how your health information will be used or shared, and be alerted when your health information is shared and with whom
The right to have your health information be private and protected
The right to file a complaint with your provider, health insurer or with the U.S. Department of Health and Human Services if you believe your HIPAA rights have been violated
Who can lawfully access patient health information?
The following people can access patient health information:
Medical providers who access health information in order to provide treatment, consult with treating providers or coordinate medical care
Health insurers and medical plans, such as health insurers, company health plans, Medicare & Medicaid
Individuals involved in billing and reimbursement of your medical care
Designated individuals you have given express permission to receive your health information, such as family members or other loves ones
Public health and regulatory agencies (for population health reasons or oversight
Who cannot access patient health information?
These people can not access patient health information:
Employers, unless you provide written permission
Individuals and organizations involved in marketing, advertising or sales, unless you give written or permission
Family members or others to whom you have NOT given express written or oral permission
