HIPAA privacy protection is federal law and sets limits on who can look at our private electronic, oral and written health information. The security component requires health organizations to protect electronic patient information with a high level of security. It is critical that all employees who work with patient records understand HIPAA and how to handle and secure patient medical data. The law requires comprehensive HIPAA privacy training.
- Health insurers, HMOs, health plans, doctors, nurses, hospitals, clinics, nursing homes, pharmacies, dentists, healthcare clearinghouses, and any other healthcare plan or provider must all follow HIPAA.
- School districts, life insurance companies, state agencies, employers, and law enforcement are examples of entities that do not have to follow HIPAA.
- Healthcare providers must limit the disclosure of patient information to the least degree possible without harming patient care.
- All healthcare contractors must have safeguards in place to adequately secure patient data.
- Healthcare employees who work with patient records must have HIPAA training.
- Patients have the right to see their information when they ask, the right to have corrections made to the record, the right to give permission for the data to be used for marketing purposes, and the right to get a report on how and why their information was used.
- Patients can file a complaint with the federal government or with the healthcare provider.
- Patients have a right to declare how they are reached. For instance, they might want to be contacted at work instead of at home, or via an envelope rather than a postcard.
- Medicaid and Medicare, as well as other government organizations that pay for healthcare, must comply with the HIPAA law.