What is the HIPAA Privacy Rule?

The HIPAA Privacy Rule is a set of regulations issued by the U.S. Department of Health and Human Services (HHS) that establishes national standards for protecting the privacy and security of individually identifiable health information. The Privacy Rule was created under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, and it applies to covered entities such as health plans, healthcare providers, and healthcare clearinghouses that transmit or maintain health information electronically.

The Privacy Rule sets forth specific requirements that covered entities must meet to protect the privacy of individuals' protected health information, including requirements governing how the information is used, disclosed, and accessed. It also gives individuals certain rights with respect to their health information, such as the right to access and obtain a copy of their medical records, and the right to request that their information be amended or corrected.

The Privacy Rule requires covered entities to implement appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of individuals' health information. Covered entities are also required to train their workforce members on their privacy policies and procedures, and to have sanctions in place for workforce members who fail to comply with those policies. The Privacy Rule also establishes penalties for covered entities that fail to comply with its requirements, including fines and other enforcement actions by HHS.