Basic Overview of HIPAA

Lately many of us have received information in the mail or directly from doctors, pharmacists, or other treating providers concerning our right to privacy regarding health care. The following is a brief summary to help you understand why this is taking place now and how it can directly affect you and anyone who may access services from the medical profession. The following information is not meant to serve as legal advice but rather to introduce and provide some general information that may facilitate your understanding of federal regulations that are completely available on the internet.

There are some acronyms and definitions that you will need to know:

HIPAA: Health Insurance Portability and Accountability Act
PHI: Protected Health Information
TPO: Treatment, Payment, Operations

  • Treatment: Health care providers may use and disclose PHI about you to provide health care TREATMENT to you.
  • Payment: Providers may use and disclose PHI about you to obtain PAYMENT for services.
  • Operations: Providers may use and disclose your PHI for health care OPERATIONS.
PO: Privacy Officer (Every practice must name a person who is responsible to oversee and implement the HIPAA regulations.)
COVERED ENTITY: (Please note that NOT all providers are “Covered Entities.”) Covered entities are those providers whose practices, policies and procedures meet certain criteria that subject them to the laws presented in the HIPAA regulations regarding privacy practices, etc. (e.g. all practices that do electronic billing must be HIPAA compliant).
NPP: Notices of Privacy Practices (Each practice that is subject to HIPAA regulations must give its consumers a detailed notice (NPP) which describes how medical information about you may be used and disclosed and how you can get access to this information.)

HIPAA became a federal regulation in 1996. It began when healthcare providers began doing electronic billing to the insurance companies through the internet. A concern grew that consumers’ information could be accessed if the provider and the insurance companies did not take proper measures to secure the information. Thus, to protect the consumers’ privacy, a whole set of regulations has been evolving since that time.

One of these regulations states that each consumer should receive a notification from their provider stating (in readable and interpretable language) how HIPAA will be utilized in their particular health care setting. The consumer should sign a form stating that they have been given the Privacy Policy from the provider, and that signed form is filed in the consumer’s chart. The document that you receive should indicate how your PHI will be used. Usually it is used for TPO.

The following is a sample of a section of one provider’s policy (NPP) notifying consumers of their rights.


You have the following rights regarding PHI we maintain about you.  To exercise any of these rights, please submit your request in writing to our Privacy Officer (___________)

  • Right of Access to Inspect and Copy. You have the right, which may be restricted only in exceptional circumstances, to inspect and copy PHI that may be used to make decisions about your care.  Your right to inspect and copy PHI will be restricted only in those situations where there is compelling evidence that access would cause serious harm to you.  We may charge a reasonable, cost-based fee for copies.
  • Right to Amend. If you feel that the PHI we have about you is incorrect or incomplete, you may ask us to amend the information although we are not required to agree to the amendment.
  • Right to an Accounting of Disclosures. You have the right to request an accounting of certain of the disclosures that we make of your PHI.  We may charge you a reasonable fee if you request more than one accounting in any 12-month period.
  • Right to Request Restrictions. You have the right to request a restriction or limitation on the use or disclosure of your PHI for treatment, payment, or health care operations.  We are not required to agree to your request.
  • Right to Request Confidential Communication. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location.
  • Right to a Copy of this Notice. You have the right to a copy of this notice.


If you believe we have violated your privacy rights, you have the right to file a complaint in writing with our Privacy Officer at [Inserted Name and Contact Information] or with the Secretary of Health and Human Services at 200 Independence Avenue, S.W., Washington, D.C. 20201 or by calling (202) 619-0257. We will not retaliate against you for filing a complaint.

If you have any questions, you could access more information at the following web sites:
