Privacy and Health Information
Frequently Asked Questions
Who must follow this law?
- Most doctors, nurses, pharmacies, hospitals, clinics, nursing homes and many other healthcare providers and their vendors
- Health insurance companies, HMOs and most employer group health plans
- Certain government programs that pay for healthcare, such as Medicare and Medicaid
What information is protected?
- Information your doctors, nurses and other healthcare providers put in your medical records
- Conversations your doctor has with nurses and others regarding your care or treatment
- Information about you in your health insurer’s computer system
- Billing information about you at your clinic
- Most other health information about you held by those who must follow this law
What rights do you have over your health information?
Providers and health insurers must comply with your right to:
- Ask to see and get a copy of your health records
- Have corrections added to your health information
- Receive a notice that tells you how your health information may be used and shared
- Decide if you want to give your permission before your health information can be used or shared for certain purposes, such as for marketing
- Get a report on when and why your health information was shared for certain purposes
- File a complaint
What are the rules and limits on who can see and receive your health information?
To make sure that your health information is protected in a way that doesn’t interfere with your healthcare, your information can be used and shared:
- For your treatment and care coordination
- To pay doctors and hospitals for your healthcare and help run their businesses
- With your family, relatives, friends or others you identify who are involved with your healthcare or your healthcare bills, unless you object
- To make sure doctors give good care and nursing homes are clean and safe
- To protect the public’s health, such as by reporting when the flu is in your area
- To make required reports to the police, such as reporting gunshot wounds
Without your written permission, your provider cannot:
- Give your health information to your employer
- Use or share your health information for marketing or advertising purposes
- Share private notes about your mental health counseling sessions