Download Locations:
Summary:
As of April 14, 2003, health plans and health care providers and their business associates must be in compliance with new federal regulations to protect the privacy of medical information. Plans and providers must provide enrollees and patients with a notice explaining their privacy rights and how their information will be used. The privacy rule gives patients the right to inspect and copy their medical records. Plans and providers are permitted to use and disclose health information for routine health care operations and for various specified national priority activities (e.g., law enforcement, public health, research). Providers may also share certain information with family members and others, provided the patient is given the opportunity to object. Prior written authorization is required for most other uses and disclosures. Plans and providers are required to have in place reasonable safeguards to protect the privacy of patient information and limit the information used or disclosed to the minimum amount necessary to accomplish the intended purpose of the use or disclosure. Entities that fail to comply with the rule are subject to civil and criminal penalties, but patients do not have the right to sue for violations of the rule. The health privacy rule does not preempt, or override, state laws that are more protective of medical records privacy.
