What is the HIPAA Privacy Rule?
The HIPAA Privacy Rule is a 2003 addition to the original Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA required the Secretary of the US Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information.
The HIPAA Privacy Rule sets national standards to safeguard individuals’ medical records and other protected health information (PHI) and establishes when PHI may be used and disclosed. The HIPAA Privacy Rule applies to health plans, health care clearinghouses, and health care providers that conduct certain health care transactions electronically.
The HIPAA Privacy Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures of such information without patient authorization. The Privacy Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records and request corrections.
Companies seeking to establish and maintain HIPAA compliance must fulfill the requirements of the initial Act of 1996, its subsequent amendments and additions—including the HIPAA Privacy Rule—and any related legislation.
Additional resources you might like:
Do you have questions about SOC 2, ISO 27001, HIPAA, or other security and privacy frameworks? Wondering if, when, and how to achieve compliance (as painlessly as possible)? Join the next office hours with Vanta team leaders to learn about compliance for growing startups
