HIPAA Privacy Rule

The Standards for Privacy of Individually Identifiable Health Information, commonly known as the HIPAA Privacy Rule, establishes the first national standards to protect patients' personal health information (PHI).

Issued by the United States Department of Health and Human Services, the rule focuses on limiting the use and disclosure of sensitive PHI. It seeks to protect the privacy of patients -- by requiring doctors to provide patients an account of each entity to which the doctor discloses PHI for billing and administrative purposes -- while still allowing relevant health information to flow through the proper channels. It also gives patients the right to access their own medical records.

The HIPAA Privacy Rule applies to organizations that are considered HIPAA covered entities -- health plans, health care clearinghouses and health care providers. In addition, the HIPAA Privacy Rule requires covered entities that work with a HIPAA business associate to produce a contract that imposes specific safeguards on the PHI that the business associate uses or discloses.

Under the HIPAA Privacy Rule, falling victim to a health care data breach, as well as failing to give patients access to their PHI, could result in a fine from the Office for Civil Rights (OCR).

This was first published in March 2012
