What is the HIPAA Privacy Rule?

The HIPAA Privacy Rule, part of the Health Insurance Portability and Accountability Act (HIPAA), is a federal regulation in the US that safeguards individuals' health information privacy. Here are the key points:

What it Protects:

  • Protected Health Information (PHI): This includes any individually identifiable information about a person's health or healthcare services, like medical records, billing information, and test results. The rule applies to PHI in electronic format (ePHI) and some paper records.

Who it Applies To:

  • Covered Entities: These are healthcare providers, health plans, and healthcare clearinghouses that transmit health information electronically.

What it Does:

  • Limits Use and Disclosure: The rule restricts how covered entities may use and disclose PHI without a patient's written authorization. Exceptions exist for treatment, payment, healthcare operations, and public health activities.
  • Patient Rights: Individuals can access, review, and amend their medical records. They can also request copies of their PHI and control how it's used for marketing.
  • Security Standards: While the HIPAA Privacy Rule focuses on information use and access, it works in conjunction with the HIPAA Security Rule, which mandates specific technical safeguards to protect ePHI.

Overall Goal:

  • Balance: The rule aims to balance protecting patient privacy and allowing the flow of health information needed for quality care, healthcare operations, and public health initiatives.

See Also: HIPAA Framework for Compliance
