What You Can Do to Protect Your Health Information

Health care professionals and the federal government take your health information privacy seriously. You should too.

Take Control. Protect Your Health Information.

HIPAA protects your health information when it is held by most health care providers, health insurers, and other organizations operating on behalf of your health care provider or health plan.

However, it's also important to protect health information that you control. If you store health information on your personal computer or mobile device, exchange emails about it, or participate in health-related online communities, here are a few things you should know:

  • While the HIPAA Privacy and Security Rules are in place to protect and secure your health information when it is held by your health care provider (such as your doctor or hospital) or health insurance company, those laws do not apply if you share your health information with an organization that is not covered by HIPAA. For example, if you post that information online yourself, such as on a message board about a health condition, it is not protected by HIPAA. Never post anything online that you don't want made public.
  • Your doctor uses tools to protect and secure your health information at his or her office. You can do the same at home. If you have health information stored on your home computer or mobile device — or if you discuss your health information over email — simple tools like passwords can help keep your health information secure if your computer is lost or stolen.
  • There are medical identity thieves who could try to use your personal and health insurance information to get medical treatment, prescription drugs, or surgery. The best way to protect yourself against this possibility is to make sure you verify the source before sharing your personal or medical information. Safeguard your medical and health insurance information and shred any insurance forms, prescriptions, or physician statements. For more information about medical identity theft, visit the Federal Trade Commission (FTC) website to learn how to protect yourself.
  • If you store your health information online, you should be sure to read the website's privacy policy and terms of service. For additional practical tips to help you protect and secure your health information online, visit: OnGuardOnline.gov.

How can I file a complaint?

If you believe your information was used or shared in a way that is not allowed under the HIPAA Rules, or if you were not able to exercise your rights, you can file a complaint with your provider or health insurer. The notice of privacy practices you receive from them will tell you how to file a complaint. You can also file a complaint with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights or your State Attorney General's Office.

If you believe that an online company that is not covered by HIPAA, such as a message board, has shared your health information in a way that conflicts with their privacy policy on their website, you can file a complaint with the Federal Trade Commission.