Resources & Information

The HIPAA Privacy Rule outlines the specific rights of individuals, medical professionals, hospitals, insurers and other “covered entities” that are subject to HIPAA laws. You can learn more here.

HIPAA covers the following rights for the individual:

The right to see and obtain copies of your medical records
• The right to request corrections to your medical records
• The right to limit who can see the information in your medical records, withhold permission for your health information to be used or shared for marketing purposes, receive a statement that discloses how your health information will be used or shared, and be alerted when your health information is shared and with whom
• The right to have your health information be private and protected
• The right to file a complaint with your provider, health insurer or with the U.S. Department of Health and Human Services if you believe your HIPAA rights have been violated

The following people can access patient health information:

• Medical providers who access health information in order to provide treatment, consult with treating providers or coordinate medical care
• Health insurers and medical plans, such as health insurers, company health plans, Medicare & Medicaid
• Individuals involved in billing and reimbursement of your medical care
• Designated individuals you have given express permission to receive your health information, such as family members or other loves ones
• Public health and regulatory agencies (for population health reasons or oversight

These people can not access patient health information:

• Employers, unless you provide written permission
• Individuals and organizations involved in marketing, advertising or sales, unless you give written or permission
• Family members or others to whom you have NOT given express written or oral permission