The HIPAA Privacy Rule is a 2003 addition to the original Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA required the Secretary of the US Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information.
The HIPAA Privacy Rule sets national standards to safeguard individuals’ medical records and other protected health information (PHI) and establishes when PHI may be used and disclosed. The HIPAA Privacy Rule applies to health plans, health care clearinghouses, and health care providers that conduct certain health care transactions electronically.
The HIPAA Privacy Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures of such information without patient authorization. The Privacy Rule also gives patients rights over their health information, including the rights to examine and obtain a copy of their health records and to request corrections.
Companies seeking to establish and maintain HIPAA compliance must fulfill the requirements of the initial Act of 1996, its subsequent amendments and additions—including the HIPAA Privacy Rule—and any related legislation.