Health Care Tools

In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). This Act provides patients with certain privacy rights regarding the use and transmission of their confidential health information. HIPAA also imparted corresponding duties on health care providers to protect patient privacy. The HITECH Act expands certain obligations for health care providers.  For more information about patient rights under HIPAA, contact The Stevenson Law Firm, PC. to speak with a health law attorney.

HIPAA Privacy Requirements

Under HIPAA, health plans, health care clearinghouses and providers have a duty to protect the confidentiality of all individually identifiable health care information, referred to as “protected health information”. HIPAA’s privacy requirements apply to information transmitted electronically, by paper and orally.

Patient Rights

Written Notice Requirement

Health care providers are required to provide patients with a written notice explaining the extent to which their health information can be disclosed, their rights to access their own health information and the providers’ duty to protect patients’ protected health information. Providers must provide the notice during the patient’s first visit, or if this is not possible (such as in the case of an emergency), during a reasonable period of time after the first visit. Providers must receive written acknowledgment from patients that they received a copy of the notice and have read it.

Access to Patient Records

HIPAA also requires that patients are provided an opportunity to view their own medical records and make copies, if so desired. Patients also may request any errors in their records are corrected.

Informed Consent 

In accordance with HIPAA, patients must give written, informed consent before their health information can be used or disclosed for any other purpose other than for treatment, payment or health care operations. The consent also must sate that the patient has the right to request the health care provider restrict its use or disclosure of the protected health information.

Complaint Process

HIPAA does not provide a private cause of action to patients who believe their rights under the statute have been violated. Rather, the patient should submit any complaints to the Department of Health and Human Services Office of Civil Rights (OCR).  Patients may have individual state law claims depending on whether, and to what extent, the patient suffered injuries as a result of improper disclosure of their health information.


HIPAA offers important privacy protections to patients and their confidential health information. To learn more about HIPAA compliance, contact an attorney knowledgeable about HIPAA who can help you answer your questions. Call The Stevenson Law Firm, PC. at (832) 413-5222.