HRtools.com
Home / Resource Center
What privacy rights do individuals have under HIPAA?

What privacy rights do individuals have under HIPAA?

HIPAA's privacy requirements aim to provide strong privacy protections without interfering with Americans' access to quality health care. The regulation empowers patients by guaranteeing them access to their medical records, giving them more control over how their protected health information is used and disclosed, and providing a clear avenue of recourse if their medical privacy is compromised.

Specifically, individuals have the right to:

  1. obtain a notice of how a covered entity will use and disclose their protected health information;

  2. request restrictions on the uses and disclosures of their protected health information for treatment, payment and health care operations;

  3. request restrictions on the uses and disclosures of their protected health information for which neither a consent nor authorization is required;

  4. access, inspect and copy their health information;

  5. request an amendment to their health information; and

  6. request an accounting of disclosures of their protected health information.

Effective February 17, 2010, covered entities must comply with restrictions requested by individuals on the disclosure of their PHI if the disclosure is to a health plan for purposes of payment or health care operations (not treatment) and the PHI pertains to a health care item for which the provider has been paid out-of-pocket in full.

Electronic records. Effective February 17, 2010, an individual has the right to get a copy of his or her electronic PHI, and may direct the covered entity to transmit a copy to a designated entity or person. Fees charged by the covered entity may not exceed applicable labor costs.

An individual also has the right to receive an accounting of electronic health record disclosures made by the covered entity (or business associate) during the previous three years. For covered entities that acquired an electronic health record as of January 1, 2009, this accounting requirement applies to disclosures made from the record on and after January 1, 2014. For covered entities that acquire an electronic health record after January 1, 2009, the requirement applies to disclosures made from the record on the later of January 1, 2011, or the date it acquires the electronic health record.

Reprinted with permission. © CCH
<p>HIPAA's privacy requirements aim to provide strong privacy protections without interfering with Americans' access to quality health care.</p>

Please Login

You are currently not logged in. Please login for full content.

Email Address*
Password*
  

Or click here to sign up today!

As a registered user, you get member's only access to these valuable resources and more:

  • 742 forms and checklists for everything from the objectives of a benefits program to facilitating an employee’s return to work after an injury
  • 1,820 state law documents to keep you updated on laws that govern your business
  • 1,400 Q&A's for all your HR queries
  • Up-to-the-minute HR news, trends and information
  • Timely case studies and whitepapers
  • Monthly Newsletter

Registration is quick and easy, so take advantage of all HRTools has to offer and sign up today!

Related Articles
Related Resources
Related Keywords