The HIPAA Privacy Rule
The HIPAA Privacy Rule establishes national standards to protect individuals’ individually identifiable health information (collectively defined as “protected health information”), including medical records. Eighteen (18) identifiers make up protected health information. The Privacy Rule applies to:
1. health plans,
2. healthcare clearinghouses,
3. healthcare providers that conduct certain healthcare transactions electronically.
The Privacy Rule requires appropriate Safeguards to protect the privacy of protected health information and sets limits and conditions on the uses and disclosures that may be made of such information without an individual’s authorization. The Privacy Rule details an individual’s rights to:
1. examine and obtain a copy of their health records,
2. direct a HIPAA-covered entity to transmit PHI to a third party,
3. request corrections.
The HIPAA Security Rule
The HIPAA Security Rule is a set of national standards to protect individuals’ electronic personal health information that is:
by a HIPAA-covered entity.
The Security Rule requires Safeguards:
The Safeguards are designed to ensure the confidentiality, integrity, and security of electronic protected health information (“ePHI”).
A HIPAA Covered Entity or hybrid entity must regularly review and update its policies and procedures regarding the Safeguards. If there is a breach, Covered Entities must perform an assessment, which may drive edits or updates to the policies and procedures to remediate weaknesses in the Safeguards.