The Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules protect the privacy and security of health information and provide individuals with certain rights to their health information. You play a vital role in protecting the privacy and security of patient information. This fact sheet discusses:
● The Privacy Rule, which sets national standards for when protected health information (PHI) may be used and disclosed
● The Security Rule, which specifies safeguards that covered entities and their business associates must implement to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI)
● The Breach Notification Rule, which requires covered entities to notify affected individuals; U.S. Department of Health & Human Services (HHS); and, in some cases, the media of a breach of unsecured PHI.
The HIPAA Privacy Rule establishes standards to protect PHI held by these entities and their business associates:
● Health plans
● Health care clearinghouses
● Health care providers that conduct certain health care transactions electronically
When “you” is used in this fact sheet, we are referring to these entities and persons.
The Privacy Rule gives individuals important rights with respect to their PHI, including rights to examine and obtain a copy of their health records in the form and manner they request, and to ask for corrections to their information. Also, the Privacy Rule permits the use and disclosure of health information needed for patient care and other important purposes.