Melissa arrives on time at Dr. Smith’s office. She checks in at the reception desk and is asked to read the HIPAA notice. She authorizes her parents to receive information about her care, and signs a form confirming she has read the HIPAA guidelines. Melissa knows the basics of HIPAA, but is curious to learn more so she pulls out her smartphone and searches for HIPAA on the Internet.
Melissa visits HealthIT.gov and learns that the HIPAA Privacy Rule, passed by Congress in 1996, sets rules and limits on who can look at and/or receive your information that relates to your health, or can be used to identify you. Your health information may be used and shared with the following: physicians; hospitals; police in special cases (such as gunshot wounds); and government agencies that report on the incidence of various illnesses. Specific family, relatives, friends or others must be listed on the notice in order to have access to your health information.
Your health care provider and health plan must provide a notice that tells you how they may use and share your health information and how you can exercise your health privacy rights. Unless HIPAA explicitly allows for the use or disclosure of your protected health information (similar to the situations as noted above), your personal health information (PHI) cannot be used or shared without your written permission.