The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules are the main Federal laws that protect your health information. Health care professionals and the federal government take your health information privacy seriously. You should, too. Federal regulations protect the privacy of your health information held by most health care providers, health insurers, and other organizations operating on behalf of your health care provider or health plan.
However, it's also important to protect health information that you control. If you store health information on your personal computer or mobile device, exchange emails about it, or participate in health-related online communities, here are a few things you should know:
• While Federal regulations protect and secure your health information when it is held by your health care provider (such as your doctor or hospital) or health insurance company, those regulations do not apply if you share your health information with an organization that is not covered by them. For example, if you post health information about yourself online — such as on a message board about a health condition — that information is not protected by these laws and regulations. In other words: Never post anything online that you don't want made public.
• Your doctor uses tools to protect and secure your health information at his or her office. You can do the same at home. If you have health information stored on your home computer or mobile device — or if you discuss your health information over email — simple tools like passwords can help keep your health information secure if your computer is lost or stolen.
Identity thieves could try to use your personal and health insurance information to get medical treatment, prescription drugs, or surgery. The best way to protect yourself against this possibility is to make sure you verify the source before sharing your personal or medical information. Safeguard your medical and health insurance information and shred any insurance forms, prescriptions, or physician statements. For more information about medical identity theft, visit the Federal Trade Commission (FTC) website to learn how to protect yourself.
If you believe your information was used or shared in a way that is not allowed under Federal regulations (such as HIPAA Rules), or if you were not able to exercise your rights, you can file a complaint with your provider or health insurer. The notice of privacy practices you receive from them will tell you how to file a complaint. You can also file a complaint with the U.S. Department of Health and Human Services (HHS) Office of Civil Rights or your State's Attorneys General Office.