
Health Insurance Portability & Accountability Act

(HIPAA)


At a glance


The Health Insurance Portability and Accountability Act (HIPAA) of 1996 establishes federal standards that protect sensitive health information from disclosure without a patient's consent. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement HIPAA's requirements. The HIPAA Security Rule protects a subset of the information covered by the Privacy Rule.



Background


HIPAA Privacy Rule

The Privacy Rule standards address the use and disclosure of individuals' protected health information (PHI) by entities subject to the rule. These individuals and organizations are called "covered entities."

The Privacy Rule also contains standards for individuals' rights to understand and control how their health information is used. It protects individual health information while allowing necessary access to health information, promoting high-quality healthcare, and protecting the public's health. The Privacy Rule permits important uses of information while protecting the privacy of people who seek care and healing.

Covered Entities

The following types of individuals and organizations are subject to the Privacy Rule and considered covered entities:

Healthcare providers: Every healthcare provider, regardless of size of practice, who electronically transmits health information in connection with certain transactions. These transactions include:

  • Claims
  • Benefit eligibility inquiries
  • Referral authorization requests
  • Other transactions for which HHS has established standards under the HIPAA Transactions Rule.

Health plans: These include:

  • Health, dental, vision, and prescription drug insurers
  • Health maintenance organizations (HMOs)
  • Medicare, Medicaid, Medicare+Choice, and Medicare supplement insurers
  • Long-term care insurers (excluding nursing home fixed-indemnity policies)
  • Employer-sponsored group health plans
  • Government- and church-sponsored health plans
  • Multi-employer health plans

Exception: A group health plan with fewer than 50 participants that is administered solely by the employer that established and maintains it is not covered.

Healthcare clearinghouses: Entities that process nonstandard information received from another entity into a standard format, or vice versa. Healthcare clearinghouses receive identifiable health information when providing processing services to a health plan or healthcare provider as a business associate.

Business associates: A person or organization outside a covered entity's workforce that uses individually identifiable health information to perform functions or services on behalf of the covered entity. These functions, activities, or services include:
    • Claims processing
    • Data analysis
    • Utilization review
    • Billing

Permitted Uses and Disclosures

The law permits a covered entity to use and disclose PHI, without an individual's authorization, for the following situations:

  • Disclosure to the individual (if the information is required for access or accounting of disclosures, the entity MUST disclose to the individual)
  • Treatment, payment, and healthcare operations
  • Opportunity to agree or object to the disclosure of PHI
    • An entity can obtain informal permission by asking the individual outright, or by circumstances that clearly give the individual the opportunity to agree, acquiesce, or object
  • Incident to an otherwise permitted use and disclosure
  • Limited dataset for research, public health, or healthcare operations
  • Public interest and benefit activities—The Privacy Rule permits use and disclosure of PHI, without an individual's authorization or permission, for 12 national priority purposes:
  1. When required by law
  2. Public health activities
  3. Victims of abuse or neglect or domestic violence
  4. Health oversight activities
  5. Judicial and administrative proceedings
  6. Law enforcement
  7. Functions (such as identification) concerning deceased persons
  8. Cadaveric organ, eye, or tissue donation
  9. Research, under certain conditions
  10. To prevent or lessen a serious threat to health or safety
  11. Essential government functions
  12. Workers' compensation

HIPAA Security Rule

While the HIPAA Privacy Rule safeguards PHI, the Security Rule protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. This information is called electronic protected health information, or e-PHI. The Security Rule does not apply to PHI transmitted orally or in writing.

To comply with the HIPAA Security Rule, all covered entities must:

  • Ensure the confidentiality, integrity, and availability of all e-PHI
  • Detect and safeguard against anticipated threats to the security of the information
  • Protect against reasonably anticipated uses or disclosures that the rule does not permit
  • Certify compliance by their workforce

Covered entities should rely on professional ethics and best judgment when considering requests for these permissive uses and disclosures. The HHS Office for Civil Rights enforces HIPAA rules, and all complaints should be reported to that office. HIPAA violations may result in civil monetary or criminal penalties.



Who Is Not Required to Follow These Laws


Many organizations that have health information about you do not have to follow these laws.

Examples of organizations that do not have to follow the Privacy and Security Rules include:

  • Life insurers
  • Employers
  • Workers' compensation carriers
  • Most schools and school districts
  • Many state agencies like child protective service agencies
  • Most law enforcement agencies
  • Many municipal offices



What Information Is Protected


  • Information your doctors, nurses, and other health care providers put in your medical record
  • Conversations your doctor has about your care or treatment with nurses and others
  • Information about you in your health insurer’s computer system
  • Billing information about you at your clinic
  • Most other health information about you held by those who must follow these laws

How This Information Is Protected

  • Covered entities must put in place safeguards to protect your health information and ensure they do not use or disclose your health information improperly.
  • Covered entities must reasonably limit uses and disclosures to the minimum necessary to accomplish their intended purpose.
  • Covered entities must have procedures in place to limit who can view and access your health information as well as implement training programs for employees about how to protect your health information.
  • Business associates also must put in place safeguards to protect your health information and ensure they do not use or disclose your health information improperly.



What Rights Does the Privacy Rule Give Me over My Health Information?


Health insurers and providers who are covered entities must comply with your right to: 

  • Ask to see and get a copy of your health records
  • Have corrections added to your health information
  • Receive a notice that tells you how your health information may be used and shared
  • Decide if you want to give your permission before your health information can be used or shared for certain purposes, such as for marketing
  • Request that a covered entity restrict how it uses or discloses your health information
  • Get a report on when and why your health information was shared for certain purposes
  • If you believe your rights are being denied or your health information isn’t being protected, you can

You should get to know these important rights, which help you protect your health information.

You can ask your provider or health insurer questions about your rights.



Who Can Look at and Receive Your Health Information


The Privacy Rule sets rules and limits on who can look at and receive your health information.

To make sure that your health information is protected in a way that does not interfere with your health care, your information can be used and shared:

  • For your treatment and care coordination
  • To pay doctors and hospitals for your health care and to help run their businesses
  • With your family, relatives, friends, or others you identify who are involved with your health care or your health care bills, unless you object
  • To make sure doctors give good care and nursing homes are clean and safe
  • To protect the public's health, such as by reporting when the flu is in your area
  • To make required reports to the police, such as reporting gunshot wounds

Your health information cannot be used or shared without your written permission unless this law allows it. For example, without your authorization, your provider generally cannot:

  • Give your information to your employer
  • Use or share your information for marketing or advertising purposes or sell your information



Your Medical Records


The Privacy Rule gives you, with few exceptions, the right to inspect, review, and receive a copy of your medical records and billing records that are held by health plans and health care providers covered by the Privacy Rule.

Access

Only you or your personal representative has the right to access your records.

A health care provider or health plan may send copies of your records to another provider or health plan only as needed for treatment or payment or with your permission. 

The Privacy Rule does not require the health care provider or health plan to share information with other providers or plans.

HIPAA gives you important rights to access your medical record and to keep your information private.

Charges

A provider cannot deny you a copy of your records because you have not paid for the services you have received. 

However, a provider may charge for the reasonable costs for copying and mailing the records. The provider cannot charge you a fee for searching for or retrieving your records.

Provider’s Psychotherapy Notes

You do not have the right to access a provider’s psychotherapy notes. 

Psychotherapy notes are notes that a mental health professional takes during a conversation with a patient. They are kept separate from the patient's medical and billing records. HIPAA also does not allow the provider to make most disclosures of psychotherapy notes about you without your authorization.

Corrections

If you think the information in your medical or billing record is incorrect, you can request a change, or amendment, to your record. The health care provider or health plan must respond to your request. If it created the information, it must amend inaccurate or incomplete information. 

If the provider or plan does not agree to your request, you have the right to submit a statement of disagreement that the provider or plan must add to your record.



Employers and Health Information in the Workplace


The Privacy Rule controls how a health plan or a covered health care provider shares your protected health information with an employer. 

Employment Records

The Privacy Rule does not protect your employment records, even if the information in those records is health-related. In most cases, the Privacy Rule does not apply to the actions of an employer.

If you work for a health plan or a covered health care provider:

  • The Privacy Rule does not apply to your employment records. 
  • The Rule does protect your medical or health plan records if you are a patient of the provider or a member of the health plan.

Requests from your employer

Your employer can ask you for a doctor’s note or other health information if they need the information for sick leave, workers’ compensation, wellness programs, or health insurance.

However, if your employer asks your health care provider directly for information about you, your provider cannot give your employer the information without your authorization unless other laws require them to do so.

Generally, the Privacy Rule applies to the disclosures made by your health care provider, not the questions your employer may ask.



Personal Representatives


Generally, a HIPAA-covered health care provider or health plan must allow your personal representative to inspect and receive a copy of the protected health information about you that it maintains.

Naming a Personal Representative

Your personal representative can be named several ways; state law may affect this process. 

If a person can make health care decisions for you using a health care power of attorney, the person is your personal representative. 

Children 

The personal representative of a minor child is usually the child's parent or legal guardian. State laws may affect guardianship.

In cases where a custody decree exists, the personal representative is the parent(s) who can make health care decisions for the child under the custody decree. 

Deceased Persons

When an individual dies, the personal representative for the deceased is the executor or administrator of the deceased individual’s estate, or the person who is legally authorized by a court or by state law to act on the behalf of the deceased individual or his or her estate. 

Exceptions

A provider or plan may choose not to treat a person as your personal representative if the provider or plan reasonably believes that the person might endanger you in situations of domestic violence, abuse, or neglect.



Family Members & Friends


The Privacy Rule does not require a health care provider or health plan to share information with your family or friends, unless they are your personal representatives.  

However, the provider or plan can share your information with family or friends if:

  • They are involved in your health care or payment for your health care,
  • You tell the provider or plan that it can do so,
  • You do not object to sharing of the information, or
  • Using its professional judgment, the provider or plan believes that you do not object.

Examples

  • If you do not object, your doctor could talk with the friend who goes with you to the hospital or with a family member who pays your medical bill.  
  • If you send your friend to pick up your prescription for you, the pharmacist can assume that you do not object to their being given the medication.   
  • When you are not there or when you are injured and cannot give your permission, a provider may share information with these people if it seems like this would be in your best interest. 



Court Orders & Subpoenas


Court Order

A HIPAA-covered health care provider or health plan may share your protected health information if it has a court order. This includes the order of an administrative tribunal. However, the provider or plan may only disclose the information specifically described in the order. 

Subpoena

A subpoena issued by someone other than a judge, such as a court clerk or an attorney in a case, is different from a court order.

A HIPAA-covered provider or plan may disclose information to a party issuing a subpoena only if the notification requirements of the Privacy Rule are met. Before responding to the subpoena, the provider or plan should receive evidence that there were reasonable efforts to:

  • Notify the person who is the subject of the information about the request, so the person has a chance to object to the disclosure, or
  • Seek a qualified protective order for the information from the court.



Notice of Privacy Practices


What is the HIPAA notice I receive from my doctor and health plan?

Your health care provider and health plan must give you a notice that tells you how they may use and share your health information. It must also include your health privacy rights. In most cases, you should receive the notice on your first visit to a provider or in the mail from your health plan. You can also ask for a copy at any time.

Why do I have to sign a form?

The law requires your doctor, hospital, or other health care provider to ask you to state in writing that you received the notice.

  • The law does not require you to sign the “acknowledgement of receipt of the notice.” 
  • Signing does not mean that you have agreed to any special uses or disclosures (sharing) of your health records. 
  • Refusing to sign the acknowledgement does not prevent a provider or plan from using or disclosing health information as HIPAA permits. 
  • If you refuse to sign the acknowledgement, the provider must keep a record of this fact.

What is in the Notice?

The notice must describe:

  • How the Privacy Rule allows the provider to use and disclose protected health information. It must also explain that your permission (authorization) is necessary before your health records are shared for any other reason
  • The organization’s duties to protect health information privacy
  • Your privacy rights, including the right to complain to HHS and to the organization if you believe your privacy rights have been violated
  • How to contact the organization for more information and to make a complaint

When and how can I receive a Notice of Privacy Practices?

You’ll usually receive notice at your first appointment. In an emergency, you should receive notice as soon as possible after the emergency.

The notice must also be posted in a clear and easy to find location where patients are able to see it, and a copy must be provided to anyone who asks for one.

If an organization has a website, it must post the notice there.

A health plan must give its notice to you at enrollment. It must also send a reminder at least once every three years that you can ask for the notice at any time.

A health plan can give the notice to the “named insured” (subscriber for coverage). It does not also have to give separate notices to spouses and dependents.


Get it. Check it. Use it.


Access to your health information is your right.

Having access to your health records is a powerful tool in staying healthy. With access to your health information you can make better decisions with your doctor, better track your progress and do more to be healthy. The Health Insurance Portability and Accountability Act, or HIPAA, for short, gives you the important right to see and get copies of your health information.

Get it.

Ask your doctor. You have the right to see and get copies of your health information. In most cases, you can get a copy the way you want it, such as by e-mail. While your doctor normally has up to 30 days to provide you a copy of your information, your doctor often can provide the information much sooner than that. If your doctor offers a web portal, you may be able to easily view and download your health information whenever you want. There are a few exceptions to getting your information, but you can’t be denied access for not paying your medical bill. Your doctor can, however, charge you a reasonable fee for a copy of your health information. The fee may not be a per page fee if your information is stored electronically.

Check it.

Check to make sure your health information is correct and complete. If you think something is wrong or missing, you can ask your doctor to fix it. Your doctor might not agree, but you always have the right to have your disagreement added to your record.

Use it.

Having access to your health information means better communication between you and your doctors, less paperwork and greater control over your health. You can request that your doctor share your information directly with others, like family members, a caregiver, a mobile application or “app,” or a researcher.

Information is key to making good healthcare decisions.

  • Track your lab results and medications
  • Understand your health history
  • Get x-rays and other medical images
  • Ask better questions and make healthier choices
  • Share information with those you want, such as a caregiver, or a research program so you can help yourself and help others.




Copyright © 2000 - 2025    K. Kerr

Most recent revision June 01, 2025 10:05:38 AM