Answer to Your Question

Who must follow HIPAA?

The following entities must follow the Health Insurance Portability and Accountability Act (HIPAA) regulations. The law refers to these as “covered entities”:

  • Health plans
  • Most health care providers, including doctors, clinics, hospitals, nursing homes, and pharmacies
  • Health care clearinghouses

HIPAA also applies to covered entities’ business associates (i.e., third parties that perform certain functions or activities that require the use of personal health information (PHI) including, for example, claims processing or administration). Entities that provide data transmission of PHI on behalf of a covered entity (or its business associate) and that require access on a routine basis to that PHI (such as regional Health Information Organizations (HIOs)) are considered to be business associates under HIPAA. Health information organizations that facilitate the exchange of electronic PHI primarily for treatment purposes between and among several health care providers.

For more information on covered entities or business associates, visit the U.S. Department of Health and Human Services (HHS) Office for Civil Rights.
