HIPAA Privacy Rule

The Standards for Privacy of Individually Identifiable Health Information, commonly known as the HIPAA Privacy Rule, establishes the first national standards to protect patients' personal health information (PHI).

Issued by the United States Department of Health and Human Services, the rule focuses on limiting the use and disclosure of sensitive PHI. It seeks to protect the privacy of patients -- by requiring doctors to provide patients with an account of each entity to which the doctor discloses PHI for billing and administrative purposes -- while still allowing relevant health information to flow through the proper channels. It also gives patients the right to access their own medical records.

The HIPAA Privacy Rule applies to organizations that are considered HIPAA covered entities -- health plans, health care clearinghouses and health care providers. In addition, the HIPAA Privacy Rule requires covered entities that work with a HIPAA business associate to produce a contract that imposes specific safeguards on the PHI that the business associate uses or discloses.

Under the HIPAA Privacy Rule, falling victim to a health care data breach, as well as failing to give patients access to their PHI, could result in a fine from the Office for Civil Rights (OCR).

This was last updated in March 2012
