HIPAA Guide for Parents and Patients

Are you ready for HIPAA?

HIPAA stands for Health Insurance Portability and Accountability Act, and although it is welcome by many consumer advocacy groups and patients, it has been a headache for many doctors and hospitals trying to conform to a bunch of new rules. If you don't know what HIPAA is, you likely have at least signed HIPAA forms at your last visit to the doctor.

Doctor showing tablet to teenage boy in medical practice
Westend61 / Getty Images


HIPAA was passed to help protect and safeguard the security and confidentiality of a person's health information.

One part of HIPAA, the Privacy Rule, aims to keep your medical information private and prevent unnecessary disclosures of your protected health information (PHI). That doesn't mean that your doctor can't talk to anyone about your health information. Your doctor can still disclose your PHI (Permissive Disclosure) without your consent in many situations, especially if it is related to treatment, payment or healthcare operations. For example, if you have a heart attack, your doctor has to tell your insurance company about it to get them to pay your health bills, but your credit card company doesn't have to be told about it.

How Will HIPAA Affect You?

For many people, HIPAA will have no obvious effect, at least in the sense of what you have to do.

Among the things that you may notice if your doctor must comply with HIPAA is that you should be given a copy of your doctor's notice of privacy policy and you will be asked to sign a form saying that you received it. This notice of privacy policy will include information about how your doctor will protect your PHI, how your PHI might be disclosed without your consent when legally permitted, and how other disclosures of your PHI can be made only with your consent. Signing this form is your acknowledgment that you received the privacy policy. It doesn't mean that you agree with it or that you agree to give up any of your rights, so you should likely sign it.

The Privacy Rule of HIPAA also gives you new Patient Rights. Among these rights are the right to request to amend your medical records or have a letter of disagreement placed into your record, the right to place restrictions on who can be given your PHI, and the right to inspect and copy your medical records. You will likely have to pay for copies though and for any time that your doctor takes to explain what is in the records.

Why would you want to amend your records? Say that you took your 15-month-old to the doctor because they were coughing and wheezing and your doctor diagnosed them as having asthma. They get worse that night and you to go to the ER and they find that they don't have asthma, but have croup instead. A few years later you change to a new insurance and they note the previous diagnosis of asthma and refuse to pay for their medicines when they do actually develop asthma because they say it is a preexisting condition. Now if you amend your child's records to say that they actually didn't have asthma when they were 15 months old, then you might be able to get your insurance to cover their asthma treatments.

You can also request that your healthcare provider communicate with you in a confidential manner, for example, not sending postcard reminders of appointments or leaving messages on an answering machine or where you work.

Other changes you might see is that hospitals and doctor's offices do a better job of keeping information confidential, so you might see charts face down, patient's names no longer listed openly, and hospitals no longer giving out patient's room numbers or acknowledging that a patient is even in the hospital.

Pediatric offices will face some big changes under HIPAA and the Privacy Rule.

HIPAA is not meant to make it harder for you to get medical care for your child or get access to their health records. If you are noticing big problems or inconveniences, it is likely because someone is misinterpreting HIPAA regulations.

For example, TV news reports are stating that new HIPAA regulations will mean that a friend or family member won't be able to pick up your prescriptions for you. But HIPAA actually goes out of its way to explain that 'the fact that a relative or friend arrives at a pharmacy and asks to pick up a specific prescription for an individual effectively verifies that he or she is involved in the individual's care.'

Pediatricians used to often fax copies of shot records to schools and daycares. Now, unless you provide written consent, your doctor's office may not be able to do that, since it might mean an unauthorized release of PHI. You might have to get those records yourself and then give them to whoever needs them. Using the example above, the fact that the school or daycare is asking for a specific student's information and that they know that you are the child's doctor should imply that they are 'involved in the individual's care' too.

Another situation arises if a child's babysitter or neighbor, etc., takes the child to the doctor. Since they aren't a parent or legal guardian, can you provide them with the child's PHI? Again, the fact that they have the child with them should effectively verify 'that he or she is involved in the individual's care' and you shouldn't need written authorization to release PHI.

Health forms and permission to administer medications letters might also have to be given to a parent or guardian to give to the child's school, although this should be regarded as "treatment" and should be allowed without authorization.

You can also give your doctor written consent to permit any of these disclosures if you wish though.

Your doctor also won't be able to disclose your PHI to your family members unless you authorize it, although this can be an oral request. Technically, if you have a baby, your pediatrician would not be allowed to walk out of Labor and Delivery and tell family members if it was a boy or a girl unless you provided consent.

Your doctor's office will still be able to use sign-in sheets (although they can't list your diagnosis or complaint) and call out your name in the waiting room, as these are considered incidental disclosures.

Hopefully, many of these situations will be further clarified so that parents and doctors aren't inconvenienced by HIPAA.

Minors and HIPAA

Although parents will, in general, have access to their children's medical records, there are situations where your healthcare provider can restrict this access. For example, a pregnant teen doesn't need their parent's consent for treatment in many states, so you might not be able to request your child's chart to see if she had a pregnancy test.

State laws where you live will determine how much of your child's PHI you can get through HIPAA. In many states, minors can consent to treatment and testing for STDs and alcohol and drug treatment, so parents might not be able to access these records. A pediatrician can also restrict a parent's access if they think that it will harm the child. And you can't access your own or your child's psychotherapy notes.

To protect your children's confidentiality, and enhance their relationship with their Pediatrician, you might sign an agreement that they have a confidential relationship so that you won't have access to your children's records.

HIPAA Violations

HIPAA also makes provisions for people to make complaints about misuse of their PHI through the Office of Civil Rights within the Department of Health and Human Services (HHS).

People who violate HIPAA can face both civil and criminal penalties, including fines and/or imprisonment for one to 10 years. Criminal penalties can be imposed on doctors that knowingly violate the privacy rule and/or disclose a patient's PHI for personal gain, false pretenses, or malicious purposes.

Was this page helpful?
Article Sources
Verywell Health uses only high-quality sources, including peer-reviewed studies, to support the facts within our articles. Read our editorial process to learn more about how we fact-check and keep our content accurate, reliable, and trustworthy.
  1. U.S. Department of Health & Human Services. Health Information Privacy.

  2. U.S. Department of Health & Human Services. HIPAA What to Expect.