Understanding HIPAA Privacy
The Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule permits the disclosure of personal health information needed for patient care and other important purposes, including fundraising for the covered entity.
The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information, and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.
Who Is a Covered Entitiy
The Administrative Simplification standards adopted by Health and Human Services (HHS) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) apply to any entity that is:
- a health care provider that conducts certain transactions in electronic form (called here a "covered health care provider").
- a health care clearinghouse.
- a health plan.
An entity that is one or more of these types of entities is referred to as a "covered entity" in the Administrative Simplification regulations.