The regulations set forth in HIPAA were first instituted because of abuse which occurred with patient’s health information. This information is supposed to remain confidential, and when confidentiality is breeched damage to a person can occur. For instance, an employee might not hire an individual based on health conditions. Another abuse occurs when personal health information is sold simply for marketing purposes. To alleviate the damage and abuses, HIPAA was established on a national level to protect the health rights of individuals.

What are patient rights?

HIPAA provides a set of rights, or privacy protections to patients when it comes to their health information. Patient rights include:

  • Being able to obtain and inspect personal health records
  • Correct or change errors that may be found in health records
  • Be informed of any disclosures of health information
  • Restricting certain disclosures
  • Receiving communication from covered entities through alternative means

These are the types of rights that are afforded to individuals under HIPAA’s framework. Entities must convey these rights to patients.

Fair Notice of Privacy Practices

Patients have the right to receive a “Notice of Privacy Practices” from a covered entity. This is perhaps the most visible part of HIPAA for the average patient. HIPAA requires that privacy notices be given each patient and that they be written in purely understandable language so they are easily understood. Even though each provider can use their own content to explain their practices with regards to privacy, they must have this statement prominently displayed on the notice:

This notice describes how medical information about you may be used and disclosed

And how you can get access to this information.

Please review it carefully.

Other requirements include how disclosures are to be made and how the patient’s health information is used. Anyway in which the entity plans on using health information must be disclosed in the notice. They must also give practical examples such as “we may use or disclose health information to another health care provider or physician who is providing treatment to you.”

Patient Responsibilities

A patient must be given the notice of privacy practices the first time they come in contact with an entity, and anytime the policies are changes. The patient must sign in acknowledgement of the receipt of the notice. In many cases, they must also sign a consent form. They must also be given the proper procedures for complaints about privacy practices and be given the opportunity to agree or object to the use of their health information in the ways disclosed.