If you’ve ever been to the doctor’s office and signed the privacy notice form without reading it, you aren’t alone. Many people have no idea what’s written in that notice or why they’re asked to sign it. However, it contains information about your healthcare privacy rights, so it’s a good idea to be familiar with what you’re signing. Take note of these key points about privacy before your next appointment.

What are your healthcare privacy rights?

In 1996, the federal government passed the Health Insurance Portability and Accountability Act (HIPAA), which gives you certain rights regarding your health information. As part of HIPAA, the U.S. Department of Health and Human Services created the Privacy Rule, which establishes federal standards for protecting the use and disclosure of this information to certain organizations. This rule limits who can and cannot review your health information, and you also gain control over how that information is used. HIPAA does allow some of your information to be disclosed without your consent, such as for research purposes.

The Privacy Rule protects what is known as “individually identifiable health information,” or data that can be used to identify who you are—for example, your name, date of birth, or Social Security number. This rule prevents covered entities—meaning the organizations required to follow HIPAA laws—from sharing your past, current or future mental or physical health conditions; information about the care you’ve received; and information about the payment for your care.

Non-covered entities, however, are not subject to HIPAA laws in most cases. For example, if you share some of your health records with your employer to excuse an absence, your employer isn’t obligated by HIPAA rules.

Which entities are required to follow HIPAA laws?

Not all organizations that have your medical information are required to follow HIPAA regulations.
For example, if the Human Resources office at your job has any health information about you, it wouldn’t be subject to HIPAA. Only “covered entities,” listed below, must comply with HIPAA.

- Health plans, such as insurance companies, most employer-sponsored group health plans, Medicare and Medicaid
- Healthcare providers—such as doctors, clinics, hospitals, pharmacies, dentists, psychologists, and others—who transmit health information electronically for certain transactions, such as referral requests and benefit eligibility inquiries
- Healthcare clearinghouses, which transmit claims or billing information to other entities in the healthcare system. For example, your doctor might send your bill to a healthcare clearinghouse to be reformatted and submitted to your insurance company.

What’s in that HIPAA notice?

The notice you sign at your doctor’s office outlines the requirements for your provider to protect your private health information. The notice should explain the ways the care provider is allowed to use your private health records under HIPAA, and it should also explain that you must authorize any other disclosures of your health information. You also have the right to complain to the Department of Health and Human Services if your rights are violated.

Your physician is required to provide the HIPAA notice before your treatment, but you aren’t required to sign it. If you decline to sign, your physician is still legally allowed to treat you and may still share your health information with some entities as allowed under HIPAA.

What other rights does HIPAA protect?

In addition to keeping your medical information private, HIPAA also includes other protections, such as allowing you to enroll in a new health plan in certain circumstances. For example, if you’re covered under your spouse’s healthcare plan but then he or she loses his or her job, you can enroll in your employer’s plan, even if it’s not open enrollment.
You may also enroll in a new plan if you experience certain life events, such as the birth of a child, an adoption or placement for adoption, a marriage or divorce, or a death that leaves you without coverage. Be sure to request enrollment within 30 days of these special circumstances.

HIPAA also prevents your employer from discriminating against you or your family members because of your health status, and you won’t have to pass a physical exam before you’re allowed to enroll in a health plan. While you can’t be denied coverage, HIPAA regulations do allow healthcare plans to deny benefits based on the source of an injury if it’s something other than a medical condition or an act of domestic violence. For example, if you get hurt horseback riding or bungee jumping, you may have to pay for your own treatment. But, even then, you would still be covered by the plan’s other benefits.

As with most rules, there are exceptions to HIPAA protections. If you’re unsure of what’s covered or concerned about sensitive information being released, talk to your healthcare provider. He or she can answer your questions and clarify exactly how your information will—and won’t—be shared.