Privacy Fact Sheet
Fact sheet for protecting your health information
What health information is protected from unlawful disclosure
- Information your doctors, nurses and other health care providers put in your medical record.
- Conversations between your doctors and care teams about your care and treatment.
- Information about you in your health insurer’s computer system.
- Billing information about you at your medical clinic or hospital.
- Any other information held by those who must follow HIPAA and the Privacy Rule.
Organizations not governed by HIPAA and the Privacy Rule
- Life insurers
- Workers' compensation carriers
- Schools and school districts
- State agencies like Child Protective Services
- Law enforcement
- Government offices
You, as a patient, have the right to:
- Ask for and obtain a copy of your medical record. Fees may apply.
- Have corrections made to your medical record.
- Receive notice and give permission about how your health information may be used and/or shared.
- Obtain notice about when and why your health information was shared for certain purposes.
- File a complaint with your provider or health insurer if any of these rights are denied or your health information is compromised.
- File a complaint with the U.S. Department of Health & Human Services if any of these rights are denied or your health information is compromised.
Without your written approval, health providers and health insurers cannot:
- Share your health information with your employer.
- Use or share your health information for marketing, media and in-house publicity, advertising or other promotional purposes, and/or fund-raising or research purposes.
- Share private notes about your health care.
Types of security threats faced today by health care providers
- Hacker and disgruntled employee abuse.
- Untrained personnel mishandling.
- Exploitation by people who do not have a “need to know”.
- Unplanned power outages.
- Burglary and theft.
- Fire, flood and other natural disasters.
In the event a patient’s health information is compromised, Henry Ford will:
- Notify the patient(s) within 60 days of learning about the situation.
- Conduct a thorough investigation to determine what happened, how it happened, the number of patients affected and what patient health information was affected.
- Set up a toll-free telephone number to answer patient questions and concerns.
- Take corrective action, which includes suspension and termination.
- Adhere to all federal regulations as outlined in the Health Insurance Portability and Accountability Act of 1996 and Privacy Rule.