HIPAA: Protecting Your Health Information FAQ
Under HIPAA (Health Insurance Portability and Accountability Act), health care providers and insurers must protect your health information.
Health care providers include, but are not limited to:
- Home health agencies
- Nursing homes
If you have received care from one of these providers or if you have health coverage, you should receive a Notice of Privacy Practices. This document explains the provider’s or insurer’s privacy practices.
The Notice of Privacy Practices has a lot of helpful information. If you still have questions, check out the following list of common questions. You may find the answer you need.
FAQs (frequently asked questions)
Yes. In most cases, your health care provider and insurer must allow you to look over and get a copy of your health information.
Contact your health care provider or insurer to request your health information. They may ask you to provide your request in writing, or you may have to complete and sign an authorization form.
Maybe. Under HIPAA and Wisconsin laws, a health care provider or insurer can charge a reasonable fee for copies of your health information. Talk with them to find out their policy.
In general, no. Your employer can access your health information in some instances, such as:
- Your employer-acts as your health care insurer. If so, your employer must keep this information separate from your employment records, and they may not use your health information for employment-related decisions.
- You have filed a worker’s compensation claim against your employer.
Under Wisconsin law, employees who file for worker’s compensation waive all provider-patient privilege for information or results of any condition or complaint that is reasonably related to the reason for claiming compensation.
Under Wisconsin law, you must provide written authorization to allow your health care provider to discuss basic information—such as name, billing information and dates of service—with your advocate.
To help you get your bills paid, health care providers or insurers may use their professional judgment when discussing billing information.
If you want your advocate to discuss issues beyond a certain medical bill, you should sign an authorization form. This allows your provider or insurer to talk freely to your advocate. The authorization form may be on their websites.
Under Wisconsin law, you must give authorization to allow your health care provider to talk with your family and friends. In an emergency, providers may use their professional judgment when sharing information without your permission.
Yes. Emergency health care workers can access your health information—including name, health and treatment status—in an emergency.
If you believe your health information is incorrect, you can ask your provider or insurer to correct it. You may have to make the request in writing and give the reason for the change. The provider or insurer may deny the request, but they must explain why. Reasons for denial may include:
- They did not create the health information that you believe is incorrect.
- They believe the existing information is correct.
Yes. You have the right to ask for restrictions on how your health information is used and who sees it—even if the restriction affects your treatment or payment for services. You may restrict access to family or friends. You may also limit access to authorities involved with disaster relief efforts.
However, in most cases, your providers are not required to grant your request if they feel it is unreasonable or cannot be accommodated.
If your providers agree to your request, they must comply with restriction, except in a medical emergency and in certain other situations described in the Privacy Rule.
You may ask for your health information in different ways or places, as long as the request is reasonable. For example, you can learn about your health status in a special, private room or through a written letter sent to a private address.
Under Wisconsin and federal law, your provider must keep track of most health information disclosures. You have a right to ask for a list of these disclosures. This list must include the following information:
- Date of each disclosure
- Recipient of each disclosure
- A brief description of the health information included
- The reason for each disclosure
Your provider or insurer must comply with your request within 60 days, unless you agree to a 30-day extension. They cannot charge you for this list, unless you request more than one per year.
You have a number of options, including:
- Contact the privacy officer at your provider or insurer.
- Contact the U.S. Department of Health and Human Services Office of Civil Rights.
- Consult with an attorney to determine your best options.
Still have questions? Reach out to your health care provider or insurer. Under HIPAA, health care providers must respond to your questions about your health information.
The information on this page is not legal advice. Contact an attorney if you need legal advice.