Privacy Rule

The Privacy Rule is a part of the Health Insurance Portability and Accountability Act (HIPAA) that governs the use and disclosure of certain patient information held by “covered entities,” such as medical service providers and health insurers.

The Privacy Rule lays out a policy for the use and disclosure of protected health information (PHI). PHI is defined as any information held by a covered entity that includes any part of a patient’s medical records or payment history.

The Privacy Rule gives individuals the right to request that a covered entity correct any inaccurate PHI. It also requires these entities to take practical measures to ensure the privacy of patient communications, such as asking individuals whether they prefer to be called at their work number, instead of their home or mobile number.

In addition, the Privacy Rule requires covered entities to inform individuals how their PHI may be used, and to keep track of disclosures of PHI as well as privacy policies and procedures. These organizations must also assign a Privacy Official and a contact person in charge of receiving complaints and training all members of their workforce regarding PHI procedures.