Patient Privacy

Children’s Hospital Los Angeles understands that you may have concerns about privacy. Our patients are our No. 1 priority, and we believe that patient privacy is an integral part of the health care that we provide to your family.

To ensure the development of a lasting bond of trust with our patients, we have many policies in place to safeguard the privacy and security of patients’ personal information, and our employees are educated from the time they are hired to respect and protect our patients’ privacy. We have a dedicated Privacy team that can answer any questions families may have about the way in which their health information will be used.

Federal and state laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) provide guidance for patients regarding their privacy rights and the use or disclosure of their medical information. These rights are described in detail in the Children’s Hospital Los Angeles Notice of Privacy Practices.

Notice of Privacy Practices

To see a copy of the notice, please click the appropriate link:

Notice of Privacy Practices (English)
Notice of Privacy Practices (Spanish)

Frequently Asked Questions

Q. What is HIPAA?

HIPAA is an acronym for the Health Insurance Portability and Accountability Act of 1996. It is a federal law designed to help protect your and your child’s health information.

Q. What does HIPAA do?

HIPAA protects the privacy and security of patient medical information in both written and electronic forms and establishes safeguards that health care providers must implement to protect that information. It also sets the terms by which medical information can be transmitted to other providers and to health insurers. It provides patients more control over, and access to, their medical information and sets limitations on the use and release of that information.

Q. Is Children’s Hospital Los Angeles required to comply with HIPAA?

Yes. CHLA is considered a “covered entity” under the law. Often, contractors, subcontractors, and other outside persons and companies that are not employees of CHLA will need to have access to your health information when providing services to CHLA. These entities are called “business associates” and are also required to comply with HIPAA.

Q. What information is protected under HIPAA?

The HIPAA Privacy Rule protects “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper or oral. The Privacy Rule calls this information “protected health information,” which is also referred to as “PHI.” PHI is information created or received by a covered entity that: (i) may relate to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the payment for the provision of health care to an individual; and (ii) identifies the individual who is the subject or based on which there is a reasonable basis to believe that the individual who is the subject can be identified.

The following are examples that could be considered individually identifiable information:

• Names
• Geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code in certain situations
• All elements of date (except year) for dates directly related to an individual, including birth date, discharge date, date of death, and all ages over 89 and all elements of dates indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
• Telephone numbers
• Fax numbers
• Electronic mail addresses
• Social Security numbers
• Medical record numbers
• Health plan beneficiary numbers
• Account numbers
• Certificate/license numbers
• Vehicle identifiers and serial numbers
• Medical device identifiers
• Web universal resource locators (URLs)
• Internet protocol (IP) address numbers
• Biometric identifiers, including finger and voice prints
• Full-face photographic images and any comparable images
• Any other unique identifying number, characteristic or code

Q. How is Children’s Hospital Los Angeles ensuring compliance with HIPAA?

Children’s Hospital Los Angeles has implemented a number of controls to comply with HIPAA. Some of them are:

• A dedicated team of privacy professionals
• Regular, periodic training for members of its workforce
• Policies and procedures to help protect the privacy and security of patients’ individually identifiable health information
• HIPAA audits
• HIPAA-compliant forms
• A Notice of Privacy Practices that is available to all patients

Q. What are the rights that HIPAA gives to me or my child as a patient?

HIPAA provides many rights to patients. These rights include:

• The right to receive the Children’s Hospital Los Angeles Notice of Privacy Practices
  • Notice of Privacy Practices (English)
  • Notice of Privacy Practices (Spanish)
• The right to review and get a copy of your medical information
• The right to ask that your medical information be amended
• The right to ask for restrictions on the use of your health information
• The right to ask for confidential communications
• The right to an accounting of disclosures of your medical information
• The right to be notified if the privacy of your protected health information has been breached, as that is defined by HIPAA
• The right to file a complaint with Children’s Hospital Los Angeles or the U.S. Department of Health and Human Services’ Office for Civil Rights if you feel your privacy rights have been violated

Q. How can I request a copy of my or my child’s medical record?

You must fill out a form authorizing the release of medical records. The form can be accessed by clicking here. Submit the completed form to our Health Information Management Department.

Q. How much of my or my child’s information will be included in the response to my request for medical records?

Using the authorization forms referenced above, you may limit the request to specific dates of service. Most of the information in your or your child’s medical record pertaining to those particular dates of service will be included in the response to your request. However, certain portions of the medical record, such as psychotherapy notes, may not be included in the response.

Q. How do I request an amendment to my or my child’s medical information?

You may request an amendment be made to the medical record if you believe that information in the record is inaccurate. Subject to your health care provider’s discretion and applicable law, we will do our best to accommodate all reasonable requests. To request an amendment, please email compliance@chla.usc.edu.

Q. How do I request a restriction on the way in which my medical information is disclosed?

To request a restriction, please email compliance@chla.usc.edu.

Q. Whom should I contact if I have more questions about my privacy rights?

Children’s Hospital Los Angeles has a team of privacy professionals who are here to assist you with any questions related to the privacy of your health information. Please call the Office of Compliance and Privacy at 323-361-2302 for further information.

Q. Will my medical information be used for research purposes?

You may be asked to participate in research studies while you or your child is a patient at Children’s Hospital Los Angeles. However, your identifiable medical information will not be used for research purposes without your prior authorization.

Q. How can I learn more about HIPAA and patient privacy?

For more information about the privacy of your medical information, we recommend that you consult the following website: www.hhs.gov/ocr

Q. Whom should I contact if I have a complaint related to the privacy of my or my child’s medical information?

Please contact the Office of Compliance and Privacy at 323-361-2302 or call the Compliance HelpLine at 877-992-6675.