Home > Consumer Info > Privacy & Security

Privacy & Security


Federal and state privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Arkansas Personal Information Protections Act are designed to protect your health information.  These laws require that your information be kept secure both while it is being e-mailed or transmitted on a computer and while it is at your health provider’s office.  The electronic health systems used by health care providers must meet both privacy and security requirements. Some of these requirements include password protection and the encryption of your information so that only authorized individuals can read your health records. In addition, logs are maintained so that the provider can determine who has accessed your records and other access controls are required to be implemented and routinely monitored. Perhaps most importantly, both of these laws require that a health care provider who has breached your information notify you of the breach and give you any information you may need to protect your records.

What is HIPAA and how does it help protect my medical record?

Congress passed HIPAA in 1996 and began its implementation in 2003 by requiring health care providers to comply with a set of Privacy Standards. In 2005, the HIPAA Security Standards were implemented and most recently, in 2009, Congress further enhanced HIPAA by passing the Health Information Technology for Economic and Clinical Health Act (HITECH).

Although HIPAA permits your health care provider to disclose your information for certain purposes including disease control, public health purposes and law enforcement, it prohibits your health care provider from wrongfully disclosing your health information and requires your health care provider to make reasonable efforts to protect the privacy and security of your medical records. Some of the other rights which HIPAA provides you include:

  • It gives you the right to request an accounting to see who has accessed your health information.
  • It sets boundaries on the use and disclosure of your health records.
  • It establishes safeguards that health care providers must meet to help protect the privacy of health information.
  • It balances the need for patient privacy with public health needs.
  • It gives you the right to look at and get a copy of your health record and to request that errors be corrected.
  • It provides for required notice to you in the event of a breach of your health information
  • It provides you the right to file a complaint with the Office of Civil Rights or the health care entity if your rights under HIPAA have been violated.

OHIT Privacy Policies - PDF


While neither paper nor electronic records are 100 percent secure, electronic heath records are capable of providing enhanced security measures through the use of audit logs, which identify anyone accessing your records, access controls which ensure that only those individuals with a need to know see your record and encryption which encodes your health record to provide a higher level of security.  Every doctor, nurse, or technician has a different level of access to your records, which is based on your consent and access requirements. There are levels of authentication and technological safeguards health care providers must meet, including personal security passwords and security questions, security tokens, and encryptions.


Arkansas Office of Health
Information Technology

The Prospect Building
1501 N. University Ave, Ste. 420
Little Rock, AR 72207
Google Map | Contact Us