Protecting Your Privacy & Security

Protecting the Privacy and Security of Your Health Information

The privacy and security of patient health information is a top priority for patients and their families, health care providers and professionals, and the government. Federal laws require many of the key persons and organizations that handle health information to have policies and security safeguards in place to protect your health information — whether it is stored on paper or electronically.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules are the main Federal laws that protect your health information. The Privacy Rule gives you rights with respect to your health information. The Privacy Rule also sets limits on how your health information can be used and shared with others. The Security Rule sets rules for how your health information must be kept secure with administrative, technical, and physical safeguards.

You may have additional protections and health information rights under your State's laws. There are also Federal laws that protect specific types of health information, such as information related to Federally funded alcohol and substance abuse treatment.

Your Privacy Rights

If you believe your health information privacy has been violated, the U.S. Department of Health and Human Services has a division, the Office for Civil Rights, to educate you about your privacy rights, enforce the rules, and help you file a complaint.


Health care providers and other key persons and organizations that handle your health information must protect it with passwords, encryption, and other technical safeguards. These are designed to make sure that only the right people have access to your information.

Be Responsible

While Federal law can protect your health information, you should also use common sense to make sure that private information doesn’t become public. If you access your health records online, make sure you use a strong password and keep it secret. Keep in mind that if you post information online in a public forum, you cannot assume it’s private or secure.