Privacy Rights 8 min read

Understanding HIPAA: Your Rights in the Digital Age

Learn how HIPAA protections apply to modern health apps and what you need to know about your digital health privacy rights.

Dr. Sarah Chen
·
June 25, 2024

HIPAA was written in 1996, when “your medical record” meant a paper file in a doctor’s office. Today, that record lives across electronic health systems, health information exchanges, prescription networks, and a growing field of consumer health apps that mostly aren’t covered by HIPAA at all.

What HIPAA actually covers

HIPAA’s Privacy Rule applies to covered entities (healthcare providers, health plans, healthcare clearinghouses) and their business associates (vendors who handle protected health information on their behalf). If you’re using a fitness tracker, a period-tracking app, or a direct-to-consumer mental health platform that doesn’t bill insurance, HIPAA probably doesn’t cover them.

What HIPAA gives you

The Privacy Rule grants eight specific patient rights — including the right to access your records, the right to request an amendment, and the right to request restrictions on how your data is shared. Most patients don’t know about most of them, and most providers don’t make them easy to exercise.

What HIPAA doesn’t give you

HIPAA does not give you a right to deletion. Federal record-retention rules typically require providers to keep records for 6–10 years. HIPAA does not cover most consumer health apps. And HIPAA does not stop your data from being shared between covered entities through health information exchanges — that requires you to exercise your restriction rights affirmatively.

Full article coming soon. In the meantime, see /privacy-guide/hipaa-rights for the full breakdown.

Stop the flow of your health data.

HealthConsent® automates HIPAA restrictions and HIE opt-outs across 7M+ providers, insurers, and prescription networks.

Protect My Data