HIPAA Privacy Rule

The Standards for Privacy of Individually Identifiable Health Information, commonly known as the HIPAA Privacy Rule, establishes the first national standards to protect patients' personal health information (PHI).

Issued by the United States Department of Health and Human Services, the rule focuses on limiting the use and disclosure of sensitive PHI. It seeks to protect the privacy of patients -- by requiring doctors to provide patients with an accounting of each entity to which the doctor discloses PHI for billing and administrative purposes -- while still allowing relevant health information to flow through the proper channels. It also gives patients the right to access their own medical records.

The HIPAA Privacy Rule applies to organizations that are considered HIPAA covered entities -- health plans, health care clearinghouses and health care providers. In addition, the HIPAA Privacy Rule requires covered entities that work with a HIPAA business associate to execute a contract that imposes specific safeguards on the PHI that the business associate uses or discloses.

Under the HIPAA Privacy Rule, falling victim to a health care data breach, as well as failing to give patients access to their PHI, could result in a fine from the Office for Civil Rights (OCR).

This was last updated in March 2012
Posted by: Margaret Rouse
