What is HIPAA, and what rights does it grant me?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects your health information when it is held by most healthcare providers, health insurers and other organizations operating on behalf of your healthcare provider or health plan. However, it's also important to protect health information that you control. While the HIPAA Privacy and Security Rules are in place to protect and secure your health information when it is held by your healthcare provider (such as your doctor or hospital) or health insurance company, those laws do not apply if you share your health information with an organization that is not covered by HIPAA.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule establishes Federal protections for your health information by placing some limits on how it may be used and shared. You play an important role in controlling who has access to your health information in many situations.

Privacy protections apply to your "individually identifiable health information," which means:
  • Information that relates to the individual's past, present or future physical or mental health or condition; to the provision of health care to an individual; or to past, present or future payment for the provision of health care to the individual
  • Information that identifies the individual, or for which there is a reasonable basis to believe it can be used to identify the individual
 Dr. Kathleen Handal, MD
Emergency Medicine
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law enacted to protect your privacy. Understand that the information put in your file during your hospital visit is only accessible to people who need to know about you, including your health insurer. So tests, lab reports, doctor’s notes, and even conversations you have with the doctors and nurses are confidential. This law also gives you the right to access your health records. If you determine incorrect information has been included in your file, there are steps you can take to ask for corrections.

Sounds great, but there’s a flip side. When someone calls the ER to find out how you’re doing, no one can tell them you’re there or how you’re doing without your permission. You will be asked to specify who the medical staff can talk to about your status.
Doc's ER Survival Guide (DocHandal's Guides)

More About this Book

Doc's ER Survival Guide (DocHandal's Guides)

Few people get through life without at least one trip to the emergency room (ER), either as a patient or support person for a family member or friend. Doc’s ER Survival Guide is designed to help...
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. HIPAA established special protections for certain people -- called "federally eligible individuals" or "HIPAA eligible individuals" -- when they lose group health coverage. Once people become HIPAA-eligible, they are guaranteed an offer of at least two health insurance policies that do not impose pre-existing condition exclusion periods. HIPAA is silent on what people can be charged for such coverage.

HIPAA's requirement to guarantee issue coverage with no pre-existing conditions varies between states. In some states, HIPAA rules apply to all private insurance companies that sell coverage in the individual health insurance market. Some states, however, have made alternative arrangements to guarantee these HIPAA protections only from the state high-risk pool. Private insurers in these states are still free to medically underwrite their policies and deny applicants and impose pre-ex periods, even for HIPAA eligible individuals.

A number of states also limit how much insurers can charge HIPAA eligible individuals (and often other residents) for coverage.
Dr. Michael Roizen, MD
Internal Medicine

HIPAA, though it sounds like it might be a female hippo, is actually short for the Health Insurance Portability and Accountability Act of 1996. HIPAA protects the privacy of your medical records since the law states that it is illegal to share your health information with anyone not involved with your care, unless you give the A-OK in writing.

HIPAA also gives you a number of important rights, including:

  • The right to see and get a copy of your healthcare records.
  • The right to get written information that tells you how your health
           information may be used and shared.
  • The right to know when and why your healthcare information was
  • The right to have your healthcare records corrected.
  • The right to decide if you want to allow your healthcare information
           to be used or shared for purposes such as for marketing.


Dr. Mehmet Oz, MD
Cardiology (Cardiovascular Disease)
In April 2003, when the government passed the Health Insurance Portability and Accountability Act (HIPAA), it was meant to improve both the confidentiality and accessibility of your medical file.

Specifically, HIPAA gives you the right to…
  1. Access. You can see, supplement, and copy your health records. If you want to review your medical records, request them by contacting the doctor's office or hospital where you were treated. Usually you'll sign a "release of information" form; it may ask you to specify the information you want.
  2. Change. You can request that your medical records be amended if they're incorrect. You can do this by contacting the health professional who made the entry (such as your doctor) or the health information management staff member at a larger medical office or hospital. If your request is denied, you can have your written request put in your file.
  3. Complain. If your privacy has been violated, you can file a complaint with the person at your doctor's office, hospital, or insurance company who's responsible for handing privacy issues. If that doesn't give you satisfaction, you can formally complain to the Department of Health and Human Services Office for Civil Rights by calling 800-368-1019 or clicking on
  4. Be updated. Your doctors, hospitals, and insurance companies are required to inform you about their privacy practices. You'll probably receive the notice on your first visit.
  5. Restrict. You can request that the use and disclosure of your health information be restricted to certain purposes. Your doctor or hospital doesn't have to agree to your request, however, and may still be legally forced to share your info in certain circumstances (in case, say, you have a communicable disease or one that's recorded in state records). This aspect of HIPAA didn't represent a huge change from the confidentiality practices that had long existed in medicine.
YOU: The Smart Patient: An Insider's Handbook for Getting the Best Treatment

More About this Book

YOU: The Smart Patient: An Insider's Handbook for Getting the Best Treatment

Everyone needs to become a smart patient. In fact, in the worst cases, your life may even depend on it. Number one bestselling authors and doctors Michael Roizen and Mehmet Oz have written this...

Continue Learning about Health Insurance

Healthcare Generosity has Overwhelming Benefits for You and Society
Healthcare Generosity has Overwhelming Benefits for You and Society
In tough times, lots of folks think when it comes to healthcare, tightening the purse strings, letting folks fend for themselves and advocating tough ...
Read More
Can I have a HRA and a healthcare FSA to cover healthcare costs?
Your employer may choose to offer you a health care flexible spending account (health FSA) as well a...
More Answers
How do I qualify for a Health Savings Account (HSA)?
To open a health savings account (HSA), you must meet the following requirements, according to the I...
More Answers
Health Insurance: Using Data to Improve Health Outcomes
Health Insurance: Using Data to Improve Health Outcomes

Important: This content reflects information from various individuals and organizations and may offer alternative or opposing points of view. It should not be used for medical advice, diagnosis or treatment. As always, you should consult with your healthcare provider about your specific health needs.