Health care providers are now forbidden from disclosing information about a patient to their employer without the patient’s permission. This change and others are part of the first federal privacy standards for patients’ medical records and health information.

The new rules, effective April 2003, give patients access to their medical records, together with control over how personal health information is used and disclosed. In some cases, patients can restrict the sharing of this information. The standards were developed by the U.S. Department of Health and Human Services as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Although the HIPAA rules impact doctors, hospitals, and other health care providers, it’ll also affect businesses, according to reports by Reuters. Health care providers won’t be able to release medical information about an employee who’s a patient to an employer without the patient’s permission in “non-routine” cases.

Small but noticeable changes are also part of the effort to keep health information confidential. One example is that sign-in sheets in doctors’ offices cannot display patients’ medical problems.

The rules require providers to give patients notices about how health information is used. Patients also have the right to copy health records and request corrections of errors.