Informing Patients of Privacy Rights

HIPAA privacy
Christopher Furlong/Getty Images

Informing patients of privacy rights is a condition of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As a health care provider, it is your responsibility to be informed about the standards involving PHI under the HIPAA Privacy Rule. The HIPAA Privacy Rule details information on how protected information can be used and disclosed and what information is considered PHI. It also identifies the role providers have in informing patients of their privacy rights.

Health care providers have an obligation to provide their patients with a Notice of Privacy Practices. This notice, as required by the HIPAA Privacy Rule, gives patients the right to be informed about their privacy rights as it relates to their protected health information (PHI).

The main objective of the notice of privacy practices is to notify patients of their rights and how to exercise those rights. The notice should describe certain information in easy to understand terms:

  • How the provider will use and disclose their PHI
  • The rights patients have regarding their own PHI
  • A statement informing the patient of laws requiring the provider to maintain the privacy of their PHI
  • Who patients can contact for further information regarding the provider's privacy policies

Before the first treatment of a patient, providers must present the notice before services are performed except in emergency situations. Patients must sign a written acknowledgment that they have received the notice of privacy practices. In emergency situations, providers are still required to attempt to provide the notice and have the patient sign the written acknowledgment.

Providers are not required to provide the notice of privacy practices each time a patient presents for treatment. HIPAA only requires a notice to be provided to patients once every three years or whenever changes are made to the notice.

The best way to make sure all of your patients are properly notified of their privacy rights is to post the notice of privacy practices in a highly visible location and have copies readily available for patients upon request.

Patient Rights

  • Patients can ask to see or get a copy of their health and claim records. Requests must be provided within 30 days.
  • Patients can ask for health and claim records if they need to be corrected or completed. Requests for changes to a claim can be denied in writing within 60 days,
  • Patients can request that they be contacted with confidential information in a specific way such as home or office, or an address different from their home address.
  • Patients can request the medical office to limit the information that they share.
  • Patients can request a list of all disclosures for the past six years.
  • Patients can appoint a power of attorney or a legal guardian to make decisions about their personal health information.
  • Patients can file a complaint if their rights feel violated

Patients can make complaints via mail, phone, or web.

There are numerous aspects of HIPAA or maintaining HIPAA compliance in a medical office. HIPAA is not just about protecting patient data. It is important that medical office staff and business associates receive ongoing education and training, or at the very least, updated information as HIPAA information may change on a regular basis.

Was this page helpful?