- Health information protected for each consumer includes, but isn't limited to, information written by health care providers, external communications about individual health by providers and billing information relating to individual health.
- Institutions for which health information is regulated under this act are called covered entities, which include insurance companies, clinics, hospitals, pharmacies and dentists.
- Certain organizations that hold consumer health records that aren't covered under the act include life insurance companies, some school districts, most state agencies and some employers.
- Though the act regulates personal health information disclosure for certain covered entities, those entities must disclose certain information, personal health included, to certain public health authorities if the information could be vital to the prevention of a contagious disease.
- Covered entities can use individual health information for research purposes only if they receive individual authorization first. The only time when individual authorization isn't required is if the covered entity obtains approval from the Documented Institutional Review Board or the Privacy Board.
next post