The Privacy Rule of the Health Insurance Portability and Accountability Act, or HIPAA, protects medical information according to federal guidelines, reports the U.S. Department of Health and Human Services. The Privacy Rule stipulates which entities must follow the regulations, what and how information is protected, and what rights a patient has.
Covered entities that are required to follow HIPAA guidelines include company health plans, health insurance companies, Medicaid and Medicare, health care providers that bill health insurance companies electronically, and health care clearinghouses that process health information, according to HHS. Protected data includes information that health care providers enter into a written record, information disclosed in conversations with patients, information in computer systems, and billing information. Entities that handle health care information must train employees about information protection, limit who can view the information, and implement safeguards to protect the information.
Patients have the right to access, copy and correct health information, states HHS. Health providers must notify patients about how health information may be used or shared. Permission from patients is required before health information is disclosed for purposes such as marketing. However, entities not bound by the Privacy Rule include employers, life insurance companies, schools, child protective service agencies and law enforcement agencies.