HIPAA protects the privacy and security of US patients' health information held by covered entities (hospitals, insurers, doctors). It gives patients rights to access, correct, and restrict use of their medical records.
The Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. § 1320d et seq.) establishes national standards for the privacy and security of protected health information (PHI). HIPAA applies to 'covered entities' — healthcare providers, health plans, and healthcare clearinghouses — and their 'business associates' who handle PHI on their behalf.

Key patient rights under HIPAA:

- **Right to access**: Obtain a copy of your medical records within 30 days (fee may apply).
- **Right to amend**: Request corrections to inaccurate records.
- **Right to an accounting**: Find out who has received your PHI (for non-treatment purposes).
- **Right to restrict**: Request restrictions on disclosure of your information.
- **Right to confidential communications**: Request that communications be sent by an alternative means (e.g., home address rather than employer).

HIPAA does not apply to employers maintaining employee records, schools, life insurers, or law enforcement in general contexts.

HIPAA violations are reported to the HHS Office for Civil Rights (OCR). Penalties range from A$100 to A$50,000+ per violation.
A hospital's billing department sends a patient's HIV status to her employer's HR department. This is an unauthorised disclosure of PHI — a HIPAA violation. The patient files a complaint with the HHS OCR, which investigates and can impose fines on the hospital.