Health Insurance Portability and Accountability Act (HIPAA)

× How does HIPAA protect my privacy?

Medical records contain considerable information about a person's physical and mental health and behaviors. If this information is shared inappropriately, it could make people reluctant to confide in healthcare professionals. Because they anticipated an increase in the use of computerized systems to collect, store and transmit patients' personal health information, the framers of HIPAA felt it was crucial to include standards for maintaining patients' privacy and security. These standards guide healthcare entities in maintaining their patients' confidentiality. In addition to protecting computerized health information, the privacy regulations and standards also apply to information that appears on paper or is communicated orally.

× Who must comply with HIPAA regulations?

Everyone involved in healthcare, including medical providers, hospitals, insurance companies, health plans, clearinghouses and health departments, must comply with HIPAA. If any entity conducts any of several key transactions electronically, it is also subject to the regulations.

× How will the privacy rules impact me and what protections do they offer?

The privacy rules govern your personal access to your records and restrict the access of others. In accordance with HIPAA, you:

• Are required to be notified about your rights with respect to your health information.
• May inspect and copy your records.
• Have the right to amend your records.
• Must grant written permission before any personal information that could identify you can be released for non-routine purposes—things other than obtaining treatment or payment.
• Can request certain additional restrictions on the use and disclosure of your health information.
• Can request an accounting of the non-routine disclosures of your health information.

× What steps are Wellstar required to take to protect my privacy?

HIPAA establishes specific obligations for hospitals and other covered entities.

• Whenever we use or disclose protected health information, we try to limit the information to the minimum amount necessary to accomplish the intended purpose of the use or disclosure.
• We ensure that associates working with us agree to abide by the privacy rules. These associates may include, but are not limited to, medical laboratories, transcription services, law firms and hardware and software vendors.
• Our employees are trained in privacy and the security of personal health information.
• Appropriate systems have been established to protect personal health information from accidental access or disclosure.
  1. Administrative procedures specify which employees can access confidential data and how privacy training is to be completed.
  2. Physical safeguards, which includes locks and the positioning of office equipment to prevent unauthorized viewing of personal health information.
  3. Technical measures, including computer passwords, virus protection and data encryption.

× What if I think my privacy has been violated?

If you suspect your privacy rights have been violated, you can file a complaint directly with your health care provider or with the federal government. Details should be available in your provider’s notice of privacy practices. A health care provider found to be noncompliant with HIPAA rules may be subject to civil and criminal penalties.

× Where can I get more information about HIPAA and the privacy rules?

Consult our notice of privacy practices or contact Member Services. You may also learn more at the U.S. Department of Health and Human Services website.