Your Internet Guide to the resources devoted to serving older adults on
Cape Cod and the Islands.

What is HIPAA?

The new federal guidelines that further protect the privacy of your medical information are part of the comprehensive Health Insurance Portability and Accountability Act, or HIPAA. These rules which became effective in April 2003, give you more control over, and knowledge about, who is using your medical information and for what purpose. Many organizations already have many measures in place to protect your privacy, but HIPAA has set broader standards and applied them to hospitals, health-care providers, and insurers nationwide. You can learn more about HIPAA by visiting the website.

When may an organization use and share your health information:

An organization may use health information about you or your child without your written permission for the limited purposes of:

Treatment: This involves providing, managing, and coordinating care to meet your needs. It may also involve sharing information with other providers, such as your own doctor or caregivers at other institutions.

Payment: An organization may share your health information with your insurance company as needed to bill for your care.

Health-care operations: An organization may use medical information to assess and improve quality of care and train its staff. They can also:
  • send announcements or call you about appointment reminders.
  • contact you about patient-care issues and treatment choices; and
  • tell you about services that may benefit and/or interest you.
When else can an organization share your health information without your written authorization?
  • to allow business associates to assist us with treatment, payment, or health-care operations;
  • to prevent or control disease, such as reporting infectious diseases to boards of health;
  • to communicate with law-enforcement offers in certain situations;
  • unless you tell an organization otherwise, to communicate with family and others involved in your care, and;
  • when necessary, to comply with a subpoena court order, or other legal requirement.
When must an organization obtain your written authorization to use and share your health information?

An organization needs your written authorization to share your health information concerning certain types of care, such as:
  • treatments for sexually transmitted diseases;
  • HIV testing and/or test results;
  • Genetic testing and/or test results;
  • Substance abuse rehabilitation; and
  • Sensitive information such as sexual assault counseling or communication between you and a mental health provider.
Your Rights

You have the right to:
  • Inspect and receive copies of your medical information.
  • Request, in writing, changes to your health information. An organization will try to honor your request, but it is not legally required.
  • Request, in writing, that an organization limit how they use or share health information about you or your child. However, the organization may not be able to comply with all requests.
  • Withdraw, in writing, any authority you have given to share your information. However, the organization won't be able to take back information they have previously given out.
  • Request, in writing, and receive a record of times when the organization has shared your health information without your written permission except when related to treatment, payment, or health-care operations.
Our Responsibilities

The law requires us to:
  • maintain the privacy of health information about you or your child.
  • provide a privacy notice of our duties, your rights, and our privacy practices;
  • follow the terms of our notice; and
  • notify you if we cannot continue honoring your request.


Other Articles in Inter-Generations   
Contact Inter-Generations at


©1996-2023 Inter-Generations