And, if you pay cash for a medical service, you can tell the doctor not to share information with your insurer. The sensitivity sometimes arises with people paying out-of-pocket for mental health counseling, McAndrew said.
The onus of complying with the new rules will fall mainly on the health care industry and contractors. One of the most notable changes is that companies that provide support services to doctors and hospitals will now face steep penalties for unauthorized disclosures of patient information.
"The compliance bar for folks who work with health care providers is much higher now," said Bourque.
The rules take effect at the end of September, after a period for health care service providers to learn the new requirements.
The original federal privacy law, the Health Insurance Portability and Accountability Act, known as HIPAA, dates back to 1996.