The HIPAA Privacy Rule went into effect on April 14, 2003. It protects the confidentiality of individuals' health data by regulating:
- How protected health information (PHI) is used
- To whom PHI is disclosed
- How and where PHI is maintained
PHI includes information about a person and their physical or mental health. It applies to all such information regardless of its form; it includes oral, written, and electronic communications.
The HIPAA Privacy Rule:
- Requires reasonable security measures to protect an individual's health information.
- Establishes accountability for the use and release of this information.
- Gives individuals rights regarding their health information.