Standards for Privacy of Individually Identifiable
Health Information (“Privacy Rule”) establishes, for
the first time, a set of national standards for the
protection of certain health information. The U.S.
Department of Health and Human Services (“HHS”)
issued the Privacy Rule to implement the requirement
of the Health Insurance Portability and
Accountability Act of 1996 (“HIPAA”).
The Privacy Rule standards address the use and
disclosure of individuals’ health information-called
“protected health information” by organizations
subject to the Privacy Rule - called “covered
entities,” as well as standards for individuals'
privacy rights to understand
and control how their health information is used.
Within HHS, the Office for Civil Rights (“OCR”) has
responsibility for implementing and enforcing the
Privacy Rule with respect to voluntary compliance
activities and civil money penalties. A major goal
of the Privacy Rule is to assure that individuals’
health information is properly protected while
allowing the flow of health information needed to
provide and promote high quality health care and to
protect the public's health and well being. The Rule
strikes a balance that permits important uses of
information, while protecting the privacy of people
who seek care and healing. Given that the health
care marketplace is diverse, the Rule is designed to
be flexible and comprehensive to cover the variety
of uses and disclosures that need to be addressed.
To view the entire Rule, and for other additional
helpful information about how it applies, see the