Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act, or HIPAA, requires health care professionals to protect privacy and create standards for electronic transfers of health data. The Office for Civil Rights at the Department of Health and Human Services will enforce the regulations and impose penalties on institutions that do not make a good-faith effort on privacy and security.
HIPAA came about because of the public's concern about how health care information is used. HIPAA gives patients more control over their own health information. Duke Health Enterprise (DHE) is taking steps to provide you, our patient, with these patient rights, which include the right:
- To inspect and obtain a copy of your health information.
- To request that Duke Health Enterprise (DHE) amend health information in your records.
- To receive an accounting of certain disclosures we have made of your health information.
- To request that we restrict the use and disclosure of your health information.
- To request how and where we may contact you about medical matters.
- To receive a written notice of how we may use your health information.
HIPAA requires health care providers like DHE to follow certain rules to protect the privacy of patients' health information. For instance, DHE employees are not allowed to access information on patients unless they need the information to perform their jobs. Employees have received training on how to protect patient information, whether that information is spoken, on paper, or kept in a computer.
The Duke Health Enterprise is participating in this effort along with the majority of other health-care providers in the United States. Compliance with the HIPAA privacy rule is important to continuing our tradition of patient confidentiality.
At Duke, patients have a right to privacy! If you have a question about HIPAA or wish to report a privacy concern, please call 1-800-688-1867.
The four focus areas of HIPAA
- Electronic Data Interchange (EDI)
- Security and electronic signature
- Patient record privacy
- Standard identifiers