HIPAA Privacy Rule

The Privacy Rule protects individually identifiable health information held by covered entities (health plans, healthcare providers, and healthcare clearinghouses) and their business associates. Covered entities must implement safeguards to protect health information and limit uses and disclosures.

Patients have rights to access their health records, request amendments, receive an accounting of disclosures, and request restrictions on certain uses. Covered entities must provide a notice of privacy practices and obtain written authorization for most uses of health information beyond treatment, payment, and healthcare operations.