How HIPAA Protects You & Your Medical Data

Things you should know


Patient data is highly sensitive, and HIPAA sets out how organizations in the health care sector and their employees must safeguard it from falling into the wrong hands. The Health Insurance Portability and Accountability Act (HIPAA), passed in 1996, is largely focused on protecting the privacy of that data by restricting unauthorized access to it. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services enforces HIPAA, which includes checking that covered entities train their workforce on the rules. As a patient, you will not undergo such training, but that is no excuse for being ignorant of how the act works to protect you and your personal medical data.

Protection of patient data

The privacy rule, which took effect in 2003, was added to HIPAA specifically to address the protection of protected health information (PHI). PHI covers health details such as diagnosis and treatment together with individual identifiers, such as name and Social Security number, that tie those details to a specific person.

The privacy rule also directs that, when patient data must be shared, only the PHI relevant to the intended health-related task should be disclosed. This means data is shared only with those who need it, and in a restricted form that depends on what they intend to use it for.

The security rule was introduced to HIPAA later, and its core role is to lay out how the privacy of electronic patient data is to be achieved in practice. It breaks data safeguards down into three categories: physical, technical and administrative. These safeguards must be reviewed and updated as new technologies and threats emerge.

These three safeguards are meant to be used together so that data gets the strongest possible protection. If the employees of all healthcare institutions receive HIPAA training, a privacy-conscious environment is nurtured. Such training is also an opportunity for organizations to update staff on the latest operational practices.

When the safeguards are layered, the failure of one does not by itself expose the data. Physical safeguards such as clear-desk policies ensure files are not stolen or read by unauthorized people, while technical safeguards like encryption make the data unreadable to anyone who handles it without the key.

HIPAA privacy rule

The original push behind HIPAA was to ensure that patients with health insurance did not lose their coverage when they changed employers. Now, patients refer to this act mainly when their privacy is at stake. The privacy rule, in force since 2003, has become one of the most important components of the law. Examples of patient data elements that are protected under this rule include:

  • Name, both official and aliases
  • Telephone and fax numbers
  • Physical and mailing address
  • Email addresses
  • Social Security number
  • Clinical diagnosis
  • Treatment plan/action
  • Health plan beneficiary numbers and insurance details
  • Bank and other account numbers
  • Vehicle identifiers such as license plate numbers

As a patient, the first step in spotting a violation of the privacy rule involving your records is knowing which information counts as PHI. The rule also defines the minimum necessary standard, which requires that only the personal information needed to perform a task be used or disclosed.

Rights of patients under HIPAA

Although the primary role of HIPAA is to regulate the conduct of healthcare organizations and professionals, patients also enjoy a number of rights under the same law. They include:

  1. Access to medical records – a provider may not withhold your records because of unpaid bills, although it may charge a reasonable, cost-based fee for copies. The records must be provided in the form you request, paper or electronic, if they can readily be produced that way, and generally within 30 days of the request.
  2. Correction of errors in records – the provider must act on a request to amend within 60 days. If it refuses, you can submit a statement of disagreement, and that statement must be kept with the disputed data.
  3. An accounting of disclosures – health institutions are sometimes required to share patient data with government agencies or other facilities for public health or research. You have the right to request a list of such disclosures made for purposes other than treatment, payment and health care operations.

OCR enforces compliance by investigating complaints and reported breaches and by conducting periodic compliance audits of facilities. Where an audit shows weak compliance, it offers guidance on how to improve. Where a violation is found, OCR can require a corrective action plan, enter into a resolution agreement with a financial settlement, or impose civil money penalties, and it refers suspected criminal violations to the Department of Justice.

The Thrive Global Community welcomes voices from many spheres. We publish pieces written by outside contributors with a wide range of opinions, which don’t necessarily reflect our own. Learn more or join us as a community member!