Your Rights Under HIPAA

Everywhere you turn, you are asked to sign a Notice of Privacy Practices - your doctor's office, the hospital, and your dentist's office. Most of us believe that our medical and other health information is private and should be protected, and we want to know who has this information.  The Privacy Rule, a Federal law, gives you rights over your health information and sets rules and limits on who can look at and receive your health information. The Privacy Rule applies to all forms of individuals' protected health information, whether electronic, written, or oral.  The Security Rule is a Federal law that requires security for health information in electronic forms. 1

Who Must Follow These Laws

We call the entities that must follow the HIPAA regulations "covered entities."

Covered entities include:
*  Health Plans, including health insurance companies.
* Most Health Care Providers, including most doctors, clinics, hospitals, nursing homes, dentists, and Fire Departments providing ambulance services.
*  Health Care Clearinghouses, entities that process nonstandard health information they receive from another entity into a standard.

In addition, business associates of covered entities must follow parts of the HIPAA regulations.

Covered entities must have contracts with their business associates, ensuring they properly use and disclose your health information and safeguard it appropriately.

Who is Not Required to Follow these Laws

Many organizations with health information about you do not have to follow these laws.

Examples of organizations that do not have to follow the Privacy and Security Rules include:
*  Life insurers
*  Employers
*  State agencies like child protective service agencies
*  Most law enforcement agencies
*  Many municipal offices

What Information is Protected

*  Information our Emergency Medical Technicians (EMTs) and Paramedics put in your medical records.
*  Conversations our staff has with the Emergency Room doctors and nurses about your care or treatment.
*  Most other health information about you held by those who must follow these laws

How has the City of Mount Vernon Fire Department protected my Information?

*  We have put safeguards to protect your health information and ensure we do not use or disclose it improperly.
*  We limit the uses and disclosures to the minimum necessary to accomplish their intended purpose.
* We have implemented procedures to limit who can view and access your health information and implemented training programs for
    employees about how to protect your health information .
*  Business Associates must also put safeguards to protect your health information and ensure they do not use or disclose it improperly.

What Rights Does the Privacy Rule Give Me over My Healthcare Information?

The City of Mount Vernon Fire Department must comply with your right to:
*  Ask to see and get a copy of your health records.
*  Have corrections added to your health information.
*  Receive a notice that outlines how your health information may be used or shared.
*  Decide if you want to give your permission before your health information can be used or shared for certain purposes, such as marketing.
*  Request that we restrict how your health information is used or disclosed.
*  Get a report on when and why your health information was shared for specific purposes.
*  If you believe your rights are being denied or your health information isn't being protected, you can:
     -  File a complaint with the Mount Vernon Fire Department.
     -  File a complaint with HHS

Who Can Look at and Receive Your Health Information?

The Privacy Rule sets rules and limits on who can look at and receive your health information.

To make sure that your health information is protected in a way that does not interferer with your health care, your information can be used and shared:
*  For your treatment and care coordination.
*  To pay for your ambulance ride to the hospital.
*  With your family, relatives, friends, or others, you identify who are involved with your health care or your health care bills unless you object.
* Protect the public's health by reporting when the flu is in your area.
*  To make required reports to the police, such as reporting gunshot wounds.

Your Health information cannot be shared without your written permission unless this law allows it.  For example, without your authorization, we cannot:
*  Give your information to your employer.
*  Use or share your information for marketing or advertising purposes or sell your information.


1  Content created with information provided by the Office for Civil Rights (OCR) and the U.S. Department of Health and Human Services.
2  Content last reviewed December 28, 2022