Understanding the HIPAA Notice

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that sets rules about who can look at and receive your health information. This law protects your rights over your health information and when it can be shared. It also requires your doctors, pharmacists and other health care providers, and your health plan, to provide a notice that explains your rights and how your health information can be used or shared. Follow these steps to make sure you understand the notice about your privacy rights.
1. Get a Copy of the Notice of Privacy Practices
When you see a doctor, check in to a hospital, start getting prescriptions filled by a pharmacy or change health insurance coverage, you will likely get several forms to read and sign.

One of those forms—called the Notice of Privacy Practices—explains your rights regarding your health information and tells you how your health information can be used or shared. Most doctors must give you the Notice at your first appointment, and most health plans must give you the Notice when you enroll.

A copy of the Notice may also be posted in a clear, easy-to-find location in a doctor’s office, pharmacy or hospital, be mailed to you by your health insurance company or be posted on a doctor’s or health insurance company’s website. If you can’t find it, ask for it. Your health provider or health insurance company must give it to anyone who asks.

2. Read the Notice
The notice will explain:
  • How your health care provider or insurer is allowed to use or share your health information
  • Your privacy rights, which include your right to get a copy of your health file, review it, ask that it be corrected and complain if you think your privacy rights have been violated
  • Your doctor’s or insurer’s legal duties to protect your health information
  • Whom to contact for more information about your doctor or insurance company’s privacy policies
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that sets rules about who can look at and receive your health insurance.
3. Ask Questions About the Notice or Your Rights
The Notice should help you understand your privacy rights. If the information in the Notice is not clear, ask your health care provider or your health plan to explain it.
4. Verify That You Received the Notice
The law requires your doctor, hospital or other health care provider to ask for written proof that you received the Notice of Privacy Practices, or what they might call an “acknowledgement of receipt.” The law does not require you to sign the acknowledgement form.

Signing does not mean that you have given up any of your rights or agreed to any special uses of your health records. You are just confirming that you received the Notice. If you choose not to sign, your provider must keep a record that you didn’t.

Whether you sign or not has no effect on your health care—your provider must still treat you.
For more information about the Notice of Privacy Practices and your privacy rights, visit www.hhs.gov/ocr/privacy.
Source: U.S. Department of Health and Human Services