At APNS, protecting the privacy and confidentiality of your health information is an important part of the care we provide. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law designed to establish standards for the privacy, security, and appropriate use of personal health information.
HIPAA helps ensure that your medical information is used responsibly while still allowing healthcare providers to share information necessary to provide treatment, coordinate care, process payments, and operate healthcare organizations effectively.
What Is Protected Health Information (PHI)?
Protected Health Information (PHI) is any information that can identify you and relates to your health condition, healthcare services, or payment for healthcare services.
Examples include:
- Your name, address, phone number, email address, and date of birth
- Medical records and treatment notes
- Diagnoses and medical conditions
- Laboratory and imaging results
- Prescription and medication information
- Insurance and billing information
- Appointment records
- Communications between you and your healthcare providers
HIPAA requires healthcare organizations to take reasonable steps to safeguard this information from unauthorized access, use, or disclosure.
Why Healthcare Providers Use and Share Health Information
Healthcare providers are permitted to use and disclose health information for several important purposes without obtaining separate authorization each time.
Treatment
Healthcare providers may use and share information necessary to diagnose, treat, and coordinate your care. Examples include:
- Referring you to specialists
- Consulting with other healthcare professionals
- Reviewing laboratory results
- Coordinating prescriptions and treatment plans
- Managing ongoing healthcare needs
Payment
Health information may be used to obtain payment for healthcare services. Examples include:
- Preparing billing records
- Processing insurance claims
- Verifying coverage and benefits
- Collecting payment for services rendered
Healthcare Operations
Healthcare organizations use health information to improve the quality, safety, and effectiveness of care. Examples include:
- Quality assurance and performance improvement activities
- Clinical training and education
- Risk management and compliance reviews
- Licensing, accreditation, and credentialing activities
- Administrative and business operations
When Information May Be Shared Without Your Authorization
Federal and state laws allow or require healthcare providers to disclose certain information under specific circumstances.
Public Health Activities
Health information may be disclosed to:
- Report communicable diseases
- Monitor public health threats
- Report adverse medication reactions
- Assist with product recalls
- Support public health investigations
Legal and Regulatory Requirements
Healthcare providers may be required to disclose information:
- In response to court orders
- In response to subpoenas and lawful requests
- To government agencies conducting authorized investigations
- To comply with federal, state, or local laws
Health and Safety Concerns
Information may be disclosed when necessary to:
- Prevent a serious and imminent threat to health or safety
- Protect patients or the public
- Assist emergency responders
Abuse, Neglect, and Domestic Violence
Healthcare providers may be required by law to report suspected:
- Child abuse
- Elder abuse
- Neglect
- Domestic violence
Law Enforcement and Government Functions
In limited circumstances, information may be shared with law enforcement agencies or government authorities when authorized or required by law.
Your Rights Regarding Your Health Information
HIPAA provides patients with several important rights regarding their health information.
Right to Access Your Records
You generally have the right to inspect and obtain copies of your medical records and certain other health information maintained by your healthcare provider.
Right to Request Corrections
If you believe information in your medical record is inaccurate or incomplete, you may request that it be corrected or amended.
Right to Request Confidential Communications
You may request that healthcare providers communicate with you through specific methods or at specific locations. Examples include:
- Sending mail to a post office box
- Contacting you only through a specific phone number
- Using a designated email address
Right to Request Restrictions
You may request restrictions on certain uses and disclosures of your information. While providers are not always required to agree to every request, they will consider reasonable requests consistent with applicable law.
Right to Receive an Accounting of Certain Disclosures
You may request information regarding certain disclosures of your health information that occurred outside of treatment, payment, and healthcare operations.
Right to Receive Privacy Information
You have the right to receive information explaining how your health information is protected and how it may be used and disclosed.
Right to Designate a Representative
You may authorize another individual, such as a healthcare power of attorney, legal guardian, or personal representative, to exercise certain rights on your behalf.
Right to File a Privacy Complaint
You have the right to file a complaint if you believe your privacy rights have been violated. Federal law prohibits retaliation against individuals who exercise their privacy rights or file complaints.
Electronic Health Information
Modern healthcare increasingly relies on electronic systems to improve patient care, communication, and efficiency. Electronic health records, patient portals, telehealth platforms, electronic prescribing systems, and secure messaging services may all be used to support your care.
Healthcare organizations are required to implement administrative, physical, and technical safeguards designed to protect electronic health information from unauthorized access, disclosure, alteration, or destruction. Although no security system can guarantee absolute protection, healthcare providers are expected to use reasonable and appropriate measures to maintain the confidentiality, integrity, and availability of patient information.
HIPAA Does Not Prevent Quality Healthcare
A common misconception is that HIPAA prevents healthcare providers from communicating with one another or coordinating care. In reality, HIPAA was designed to allow appropriate information sharing among healthcare professionals while protecting patient privacy. Healthcare providers may share information necessary to treat patients safely and effectively, coordinate care among providers, prevent medication errors, improve clinical outcomes, and respond to emergencies.
Our Commitment to Privacy
APNS is committed to maintaining the confidentiality, integrity, and security of patient information. We recognize that healthcare information is highly personal and sensitive, and we strive to protect that information while ensuring that it is available when needed to provide safe, effective, and coordinated care.
Protecting patient privacy is not only a legal obligation—it is an essential part of the trust that forms the foundation of the provider-patient relationship.
Complaints and Questions
You may also file a complaint with:
Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
https://www.hhs.gov/ocr/privacy/hipaa/complaints/
APNS will not retaliate against any individual for filing a complaint.
For more information, please visit the HHS Model Notices of Privacy Practices.