Covered entities must protect the privacy of individuals’ health records. “Covered entities” include most health plans, most health care providers, and health care clearinghouses. Covered entities are required by law to follow The Health Insurance Portability and Accountability Act (HIPAA), and must:
- Install safeguards to protect your health information.
- Reasonably limit uses and disclosures to the minimum necessary to accomplish their intended purpose.
- Have agreements in place with their contractors and others who perform functions or activities on behalf them. These agreements are to ensure that these contractors (referred to as "business associates") only use and disclose your health information properly and safeguard it appropriately.
- Have procedures in place to limit who can view and access your health information as well as implement training programs for employees about how to protect your health information.
To learn more about how HIPAA protects your health information, visit the U.S. Department of Health and Human Services (HHS) Office for Civil Rights.