By Gil Vidals, HIPAA Blog, Resources

What privacy rights do you have with your own personal health information?

This is a common question with a not-so-simple answer. Any health-related information that could potentially identify an individual (and for which there is a reasonable basis to believe it could) is considered private health information.

A number of things are important in relation to health information; these include who is actually subject to HIPAA rules, how this information will be used or shared, whether it will be properly controlled and protected, and who has access to it.

Individual health information ultimately needs to be shared in order to provide optimal care. It can be shared for the following reasons: to coordinate an individual’s treatment, for doctor visits, to inform family members involved in the individual’s care (unless the individual objects), to protect the public’s health, and even for police reports, such as in the case of reporting a gunshot wound. Sharing can take place in written, oral, or electronic form.

Even with all HIPAA procedures and rules in place, however, there are still breaches of identifiable health information. As such, all businesses and covered entities under HIPAA are required to provide a notification in the event of a breach of unsecured protected health information (PHI).

Organizations that will be required to send notifications include doctors/nurses, pharmacies, hospitals and other healthcare providers, as well as health insurance companies and government programs like Medicare and Medicaid. These businesses and organizations must inform each person of all rights upon initial sign up and in the case that medical information has been breached.

There are, however, organizations that do not have to follow the Privacy and Security Rules. Those organizations include life insurers, workers compensation carriers, most schools, child protective service agencies, law enforcement agencies, and many municipal offices.

In general, most individuals will sign an agreement about the privacy of their health information upon an initial office visit. Understand that this document may allow your health information to be used for sales calls and advertising, and it may even be given to your employer. Health care providers should familiarize themselves with all the rules applying to individuals’ health information privacy, because a weak understanding of those rules carries real risk.

A New York-based hospital spent $4.8 million in a HIPAA settlement for a data breach of only 6,800 patient health records. Given the potential risk to a business owner, proper steps should be taken to secure all data.

Altogether, whether you are a business owner or an individual, knowing the health information privacy rights and rules is critical. There is an abundance of information available on proper compliance, so take the time to review it. Companies today even hire experts in health compliance because of the potential negative impact that one small mistake may create.


Gil Vidals is the president and CTO of HIPAA Vault. He is a passionate, subject matter expert on HIPAA compliance and the healthcare cloud, and co-host of the HIPAA Vault podcast. Since 1997, Gil’s mission has been to provide uncompromising and affordable HIPAA compliant hosting solutions to commercial and government clients, helping protect their sensitive health information from data breaches and security vulnerabilities. HIPAA Vault has been recognized as an Inc. 5000 company and a Clutch Top B2B company. He can be reached here on Linkedin.