What is the HIPAA Privacy Rule? | Introduction and Overview

5. What is the HIPAA Privacy Rule?

Answer: The HIPAA Privacy Rule, as defined by the United States Department of Health and Human Services, is federally mandated legislation that “…establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.”
Source: http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/

The HIPAA Privacy Rule also requires appropriate safeguards to protect the privacy of personal health information, and it sets strict limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Privacy Rule also gives patients broad rights over their health information, such as the rights to examine and obtain a copy of their health records, along with other important conditions. The HIPAA Privacy Rule and the HIPAA Security Rule are two of the most well-known elements of the Health Insurance Portability and Accountability Act of 1996, and for good reason. Both “rules” have numerous “standards” and “implementation specifications” that must be met, ultimately requiring a large number of documented HIPAA policies and procedures, and the supporting information, to be in place.


HIPAA Privacy Rule | Four (4) Main Provisions
More specifically, the core provisions of the HIPAA Privacy Rule consist of the following:

  • Uses and Disclosures
  • Individual Rights
  • Administrative Requirements
  • General Safeguards and Best Practices

As with any regulatory compliance mandate, a large part of meeting HIPAA is having comprehensive policy documentation in place: policies and procedures specific to the Privacy Rule and to many other areas within the broader context of HIPAA itself.

Download HIPAA Policies and Compliance Toolkits Today
hipaapoliciesandprocedures.com also offers industry-leading HIPAA toolkits for both Covered Entities (CE) and Business Associates (BA) consisting of high-quality security policies and procedures, training material, readiness checklists and templates, essential legal forms, a HIPAA-specific disaster recovery manual, and so much more. Learn about our HIPAA compliance toolkits today.

If your organization is in need of a HIPAA audit, and/or SSAE 16 SOC 1 and SOC 2 assessments that include testing of HIPAA provisions and mandates, please contact Charles Denyer at 1-800-277-5415, ext. 705 with the NDB Alliance of Firms. Learn more about NDB by visiting ndbcpa.com today.