In 1996, the Health Insurance Portability and Accountability Act or the HIPAA was endorsed by the U.S. Congress. The HIPAA Privacy Rule, also called the Standards for Privacy of Individually Identifiable Health Information, provided the first nationally-recognizable regulations for the use/disclosure of an individual's health information. Essentially, the Privacy Rule defines how covered entities use individually-identifiable health information or the PHI (Personal Health Information). 'Covered entities' is a term often used in HIPAA-compliant guidelines. This definition of a covered entity is specified by [45 CFR § 160.102] of the Privacy Rule. A covered entity can be a:
Health plan
Healthcare clearinghouse
Healthcare provider
Overview of the Privacy Rule
Gives patients control over the use of their health information
Defines boundaries for the use/disclosure of health records by covered entities
Establishes national-level standards that healthcare providers must comply with
Helps to limit the use of PHI and minimizes chances of its inappropriate disclosure
Strictly investigates compliance-related issues and holds violators accountable with civil or criminal penalties for violating the privacy of an individual's PHI
Supports the cause of disclosing PHI without individual consent for individual healthcare needs, public benefit and national interests.
Overview of the Privacy Rule
HIPAA realizes that there is a critical need to balance the steps taken for the protection of an individual's health information along with provision of proper healthcare faculties. The Privacy Rule strives hard to regulate the sharing of PHI without making it a deterrent for accessing healthcare facilities. Thus, the Privacy Rule does permit disclosures, under special circumstances, wherein individual authorization is not needed by public healthcare authorities.