patient rights (HIPAA)

HIPAA extends a set of privacy protections -- or, if you prefer, "rights" -- to all patients with respect to their health information:

• to inspect and obtain a copy of their health records;

• to correct or amend any errors in those records (or, at a minimum, put a statement of exception in the record for information with which the patient disagrees);

• to receive an accounting of any disclosures of the records;

• to request additional protections for or confidential communications of particularly sensitive information in the records;

In addition, the patient must

• be given a notice of the institution's privacy practices on first contact, and periodically thereafter;

• sign a written acknowledgement of receipt of that notice;

• for covered entities that choose such an option, also sign a consent;

• sign an authorization prior to any "extra" uses and disclosures, such as research (institutions may not condition treatment or payment on an authorization);

• be given an opportunity to agree or object to other types of use or disclosure; and

• be provided with the names, offices and procedures for complaints about an institution's privacy practices (as well as the procedures for complaining to DHHS).

Health care institutions covered by HIPAA (covered entities) must put in place policies and procedures which give effect to these protections.

Last modified: 12-May-2005 [RC]