The various rules of the Health Insurance Portability and Accountability Act (HIPAA) details out the specific guidelines to be followed by covered entities when storing and transacting the patients' medical and personal data, whether it is on paper or in the electronic form. Also how the data must be protected from unauthorized use and the penalties in case of violations are outlined too.
But as this Act has evolved, HIPAA has provided you with additional rights to know about privacy practices and your rights in matters concerning personal information. The following 2 points bring out the details of the Notice of Privacy Practices from the point of view of the covered entities and the consumer that is you.
* For Covered Entities: As per HIPAA rules in this case, covered entities will mean healthcare providers like doctors, clinics, nursing homes, dentists, psychologists and pharmacies and also health plans which includes insurance companies and company health plans. Group health plans, healthcare clearing houses and correctional institutes are excluded from such provisions. The covered entities must develop such a notice that explains the rights and practices and must then distribute the same. The notice should be written in a simple and easy-to-understand language and must clearly state how it will manage, utilize and disclose your personal information. Next it must include all its legal duties especially the ones that concern the privacy of Protected Health Information (PHI).
Furthermore the notice must speak about your rights and the ways in which you can contact the covered entity for any kind of clarifications or complaints. Finally it must have details of the authority whom you can contact in case of questions regarding the entity's policy with respect to privacy. This notice for privacy practices must be put up prominently on the entity website and must also be provided to anyone who asks for the same.
* For Consumers: A covered entity must send you its notice for privacy practices, and if you do not find it on the website you can immediately ask for a copy. Such a notice is very important for understanding your rights with respect to how your own information is managed. The notice will clearly state the circumstances under which your information can be disclosed to certain agencies under the law. Also the notice will let you know the conditions that require your written consent when using personal information. Note that the entity is prohibited from disclosing any information in violation to its own notice. You will get a proper understanding of how your PHI is safeguarded and what constitutes violation. Also there will be a number of channels provided through which you can approach the entity or a higher authority for any matter.
A health plan will mostly provide you with this notice at the time of enrollment while a healthcare provider will give it at the first appointment. HIPAA has several privacy laws which can become confusing and difficult to understand. Notices of Privacy Practices are simplified documents that will clarify most of your doubts and allow you to understand your important rights.