How is my health information protected by HIPAA?

Doctors, hospitals and other health care providers must get your permission before they share your health information with other health care providers. You generally sign a consent form the first time you visit a doctor or other provider. You only have to sign the form once with each new provider.

The Health Insurance Portability and Accountability Act (HIPAA) sets the standards for protecting the confidentiality of your medical records. For example, HIPAA does not prevent your doctor from consulting with a specialist or hospital about your case. However, under HIPAA your doctor cannot discuss your health information with family members or other people unless it’s an emergency, the family member is caring for you, or you have authorized the family member to discuss your medical history and treatment. In addition, a health care provider or insurance company is not permitted to share your health records with a potential lender or employer.

The people and organizations required to follow the HIPAA Privacy and Security Rules must do the following:

  • Follow the rules about who can look at, receive and share your health information.
  • Reasonably limit uses and sharing to the minimum necessary amount needed to accomplish their intended purpose. However, providers may disclose more than the minimum necessary when they are sharing information for treatment purposes.
  • Have agreements in place with their service providers to ensure that they only use and share your health information according to the law.
  • Have procedures in place to limit who can access your health information, and run training programs that teach employees how to protect it.
  • Put in place administrative, technical and physical safeguards to protect your health information.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy protections apply to your "individually identifiable health information." This information can include:

  • Information your doctors, nurses and other healthcare providers put in your medical record
  • Conversations your doctor has about your care or treatment with nurses and others
  • Information about you in your health insurer's computer system
  • Billing information about you at your clinic
  • Information used by companies or individuals that provide data, billing or other services to doctors, hospitals, health insurers and other healthcare organizations. This includes computer and data services providers, accountants and other professional services firms.

When this information is held by an individual or organization that must follow HIPAA, it is called "protected health information."

The HIPAA Security Rule protections apply to electronic protected health information.
