HIPAA Privacy Rule: Definition & Procedures

Instructor: Lucinda Stanley

Lucinda has taught business and information technology and has a PhD in Education.

This lesson will discuss elements of the HIPAA privacy rule, including how it came about, who is covered, and what information is protected. This lesson will also discuss some of the principles for uses and disclosure that are contained in the privacy rule.

Privacy Rule as Part of HIPAA

HIPAA is the Health Insurance Portability and Accountability Act, which became law in 1996. Part of the act stipulated that national standards or guidelines to protect the privacy of patients' medical records needed to be established. Since Congress did not enact any privacy legislation in conjunction with HIPAA, the Secretary of the Department of Health and Human Services developed the privacy rules, which were enacted in 2000 and modified in 2002.


The privacy rule provides national standards to protect a patient's identity while still allowing for information to be available to those who need it in order to provide quality care to the individual and to protect society (in the event of a contagion). Let's take a look at some of the stipulations of the privacy rule.

Privacy Rule Overview

The standards laid out in the privacy rule include who must comply with the rule, called covered entities, and what information must be protected.

Covered Entities

Covered entities are individuals or organizations that have access to an individual's medical information in the course of doing their jobs. Covered entities would include the following:

  • Health plans: Organizations that process health insurance claims.
  • Health care providers: Any medical, dental, chiropractic, or pharmaceutical professional or organization that provides care or treatment to an individual. This also includes nursing homes and clinics.
  • Health care clearinghouse: Any organization or individual that specializes in processing health information, such as a billing service.
  • Business associates: Any organization or individual that holds a contract to perform their duties where they may have access to an individual's medical information. These could include, among others, CPAs, attorneys, and independent medical transcriptionists.

Protected Information

According to the privacy rule, the covered entities are responsible for maintaining the privacy of an individual's medical records. They must have specific procedures in place to make sure certain information is not shared with any individual or entity that does not need it. This information includes:

  • Personally identifiable information (PII): Information that can be used to identify the individual, such as social security number, name, address, or birthdate.
  • Medical condition: Information about an individual's physical or mental condition whether in the past, the present, or the future. For example, if your DNA test indicated you had a predisposition for cancer, that information is protected.
  • Payment: Information about any payments an individual made to a health care provider (again, whether in the past, the present, or the future).
  • Provision of health care: Specifics of what care was provided to an individual are protected.

Protected information that has been de-identified through redacting the PII or has been summarized by a qualified statistician can be used for purposes such as research.

Privacy Principles

Let's talk about the main stipulations of the privacy rule. The privacy rule provides clear definitions and limitations or principles regarding how an individual's health information may be used or shared. First, who are covered entities allowed to share or disclose information with?


It stands to reason that the information can be disclosed to the individual who is receiving treatment. How else will they be able to make decisions in their care? But there are other circumstances where disclosure is permitted:
