Privacy & Security

HIPAA is the federal Health Insurance Portability and Accountability Act passed in 1996. It requires health plans to protect the confidentiality of personal medical records and limit the personal health information released to others. GEHA has evaluated policies and procedures across the company and has taken steps to enhance privacy and security procedures already in place.

A Notice of Privacy Practices outlines how GEHA will maintain your privacy under HIPAA regulations, including GEHA's duties, how your protected health information may be used or disclosed, and your rights in regard to your health information. It is important that you carefully read the notice to fully understand how GEHA protects your privacy.

For a complete list of the HIPAA privacy notices and forms that you can download, complete online or have sent to you by regular mail, click Privacy & Security/HIPAA Materials.

For a PDF version of a Department of Health and Human Services' patient guide to the HIPAA Privacy Rule, which offers guidance regarding when health care providers may communicate about you with your family, friends or others involved in your care, click Patient's Guide to the HIPAA Privacy Rule.

For HIPAA materials for GEHA’s health plan, visit