Back to HCC home

Text size

Large / Normal

Contact info

ComplianceLine Toll Free (Anonymous)

Report online


Health Insurance Portability and Accountability Act

The 1996 Health Insurance Portability and Accountability Act (HIPAA) mandated that the Department of Health and Human Services issue privacy standards. The regulations seek to protect the security and privacy of medical records and personally identifiable health information used or shared in any form, whether on paper, electronically or orally, by the hospital/CCHA entity and/or their business associates.

HIPAA allows us to share patient information for treatment, payment or hospital/CCHA entity operations (TPO). Operations or business activities of the hospital/CCHA entity may include quality improvement, training and auditing.

Protected health information

Protected health information (PHI) includes the patient's name, address, employer, relatives' names, date of birth, telephone/fax number, e-mail address, Social Security number, medical record number, account number, voiceprint, fingerprint, photo and/or codes as well as any other characteristics, such as occupation, which may identify the individual.

Privacy practices

Our patients receive a Notice of Privacy Practices Brochure, available in English, Spanish and Polish, that describes how medical information may be used and disclosed by the hospital/CCHA entity. Patients must sign that they received the brochure. Patients have the right to access their medical records and are provided with instructions on how access their medical record; request to amend information in their record; and request an accounting of where their PHI has been disclosed.

Any information related to a patient's health cannot be used unless authorized by the patient or someone acting on the patient's behalf, or permitted by the regulations. The hospital/CCHA entity must limit access to only those employees and individuals who need the information for a legitimate purpose.

HIPAA regulations affect information every CCHA and hospital employee deals with. Maintaining the security of private medical information is everyone's responsibility. No matter what the employee's position is, he or she is responsible for keeping patient information confidential and can help identify areas for improvement.