Who Must Follow These Laws

We call the entities that must follow the HIPAA regulations "covered entities."


Covered entities include:


Health Plans, including health insurance companies, HMOs, company health plans, and certain government programs that pay for health care, such as Medicare and Medicaid.

Most Health Care Providers—those that conduct certain business electronically, such as electronically billing your health insurance—including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.

Health Care Clearinghouses—entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

In addition, business associates of covered entities must follow parts of the HIPAA regulations.


Often, contractors, subcontractors, and other outside persons and companies that are not employees of a covered entity will need to have access to your health information when providing services to the covered entity. We call these entities “business associates.” Examples of business associates include:


Companies that help your doctors get paid for providing health care, including billing companies and companies that process your health care claims

Companies that help administer health plans

People like outside lawyers, accountants, and IT specialists

Companies that store or destroy medical records

Covered entities must have contracts in place with their business associates, ensuring that they use and disclose your health information properly and safeguard it appropriately. Business associates must also have similar contracts with subcontractors. Business associates (including subcontractors) must follow the use and disclosure provisions of their contracts and the Privacy Rule, and the safeguard requirements of the Security Rule.




This notice is a summary of how your protected health information is used and disclosed and how you can obtain access to this information.  Please see the front desk to review a full copy of our Notice of Privacy Practices.


Uses and Disclosures of Health Information

We use health information about you for treatment, to obtain payment for treatment, for administrative purposes, and to evaluate the quality of care that you receive.


We may use or disclose identifiable health information about you without your authorization for public health purposes, for auditing purposes, for research studies, and for emergencies.  We provide information when otherwise required by law, such as for law enforcement in specific circumstances.  In any other situations, we will ask for your written authorization before using or disclosing any identifiable health information about you.  If you choose to sign an authorization to disclose information, you can later revoke that authorization to stop any future uses and disclosures.


We may change our policies at any time.  Before we make a significant change in our policies, we will change our notice and post the new notice in the waiting area and in each examination room.  You can also request a copy of our notice at any time.  For more information about our privacy practices, contact the Rocky Boy Health Board.


Your Right





If you are concerned that we have violated your privacy rights, or you disagree with a decision we have made about accessing your records, you may contact the Rocky Boy Health Board and/or fill out a patient complaint form.  You may also send a written complaint to the U.S. Department of Health and Human Services.


Our Legal Duty


We are required by law to protect the privacy of your information, provide this notice about our information practices, and follow the information practices that are described in this notice.


If you have any questions or complaints, please contact: Chief Executive Officer, Rocky Boy Health Board, 96 Clinic Road, Box Elder, Montana 59521 or call (406) 395.4486.