Frequently Asked Questions




HIPAA FAQs


Health Insurance Portability and Accountability Act (HIPAA)


What is HIPAA?

HIPAA is considered a privacy rule. This privacy rule, which is federal law, gives you rights over your health information and sets rules and limits on who can look at and receive your health information. For more detailed information about HIPAA, please visit: http://www.hhs.gov/ocr/privacy/index.html.

Who must follow this law?

Entities that must follow the privacy rule are called covered entities. Covered entities include:
  • Health Plans, including health insurance companies, HMOs, company health plans and certain government programs that pay for health care, such as Medicare and Medicaid.
  • Most Healthcare Providers—those that conduct certain business electronically, such as electronically billing your health insurance—including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies and dentists.
  • Healthcare Clearinghouses—entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
  • Medical Device Manufacturers, such as Baxa Corporation – While generally not considered covered entities under the Act, manufacturers may act as Business Associates in the provision of technical support related to their devices and software. Baxa Corporation provides Business Associate agreements to customers of our compounding system hardware and software. These agreements cover our activities under HIPAA in providing troubleshooting and technical support in compliance with the Act.

Who is not required to follow this law?

Many organizations that have access to your health information do not have to follow this law.

Examples of organizations that do not have to follow HIPAA include:
  • life insurers
  • employers
  • workers compensation carriers
  • many schools and school districts
  • many state agencies, like child protective service agencies
  • many law enforcement agencies
  • many municipal offices

What information is protected under HIPAA?

  • Information your doctors, nurses and other health care providers put in your medical record
  • Conversations your doctor has about your care or treatment with nurses and others
  • Information about you in your health insurer’s computer system
  • Billing information about you at your clinic
  • Most other health information about you held by those who must follow this law

How is this information protected under HIPAA?

  • Covered entities must put in place safeguards to protect your health information
  • Covered entities must reasonably limit uses and disclosures to the minimum necessary to accomplish their intended purpose
  • Covered entities must have contracts in place with their contractors and others ensuring that they use and disclose your health information properly and safeguard it appropriately
  • Covered entities must have procedures in place to limit who can view and access your health information as well as implement training programs for employees about how to protect your health information

What rights does this law give me over my health information?

Health Insurers and Providers who are covered entities must comply with your right to:
  • Ask to see and get a copy of your health records
  • Have corrections added to your health information
  • Receive a notice that tells you how your health information may be used and shared
  • Decide if you want to give your permission before your health information can be used or shared for certain purposes, such as for marketing
  • Get a report on when and why your health information was shared for certain purposes
  • If you believe your rights are being denied or your health information isn’t being protected, you can:
    • File a complaint with your provider or health insurer
    • File a complaint with the US Government

You can ask your provider or health insurer questions about your rights.

Who can look at and receive your health information under the law?

The federal law sets rules and limits on who can look at and receive your health information. To make sure that your health information is protected in a way that does not interfere with your health care, your information can be used and shared:
  • For your treatment and care coordination
  • To pay doctors and hospitals for your health care and to help run their businesses
  • With your family, relatives, friends or others you identify who are involved with your health care or your health care bills, unless you object
  • To make sure doctors give good care and nursing homes are clean and safe
  • To protect the public's health, such as by reporting when the flu is in your area
  • To make required reports to the police, such as reporting gunshot wounds

Your health information cannot be used or shared without your written permission unless this law allows it. For example, without your authorization, your provider generally cannot:
  • Give your information to your employer
  • Use or share your information for marketing or advertising purposes
  • Share private notes about your health care

Click here for Baxa Corporation's HIPAA Compliance Statement.

BACK TO TOP