HIPAA+Privacy+Rule

The HIPAA Privacy Rule is a regulation published under the authority of the Health Insurance Portability and Accountability Act. It is closely related to the HIPAA Security Rule.

The following information is taken from the [|HIPAA Primer published by Phoenix Health Systems].

//The Privacy Rule is intended to protect the privacy of all individually identifiable health information in the hands of covered entities, regardless of whether the information is or has been in electronic form. The rule establishes the first “set of basic national privacy standards and fair information practices that provides all Americans with a basic level of protection and peace of mind that is essential to their full participation in their care”. 65 Fed. Reg. at 82464The Privacy standards://
 * //Give patients new rights to access their medical records, restrict access by others, request changes, and to learn how they have been accessed//
 * //Restrict most disclosures of protected health information to the minimum needed for healthcare treatment and business operations//
 * //Provide that all patients are formally notified of covered entities' privacy practices,//
 * //Enable patients to decide if they will authorize disclosure of their protected health information (PHI) for uses other than treatment or healthcare business operations//
 * //Establish new criminal and civil sanctions for improper use or disclosure of PHI//
 * //Establish new requirements for access to records by researchers and others//
 * //Establish business associate agreements with business parteners that safeguard their use and disclosure of PHI.//
 * //Implement a comprehensive compliance program, including//
 * //Conducting an impact assessment to determine gaps between existing information practices and policies and HIPAA requirements//
 * //Reviewing functions and activities of the organization's business partners to determine where Business Associate Agreements are required//
 * //Developing and implementing enterprise-wise privacy policies and procedures to implement the Rule//
 * //Assigning a Privacy officer who will administer the organizational privacy program and enforce compliance//
 * //Training all members of the workforce on HIPAA and organizational privacy policies//
 * //Updating systems to ensure they provide adequate protection of patient data//

External Links:
[|Text of HIPAA Privacy Rule] [|Text of HIPAA Security Rule]