
HIPAA Privacy Rule


“Whatever I see or hear in the lives of my patients, whether in connection with my professional practice or not, which ought not to be spoken of outside, I will keep secret, as considering all such things to be private.”

- Hippocratic Oath, translated by Michael North

The HIPAA Privacy Rule went into effect in April 2003 and was the first attempt at a nationwide framework for the protection of patient information created and maintained by health care organizations. The HIPAA Privacy Rule is based on the protection and management of privacy of protected health information. Protected health information (PHI) is “individually identifiable health information that includes the individual’s past, present or future health condition, the provision of health care to the individual, and the past, present, or future payment for the provision of health care to the individual.” (HHS, 2014) Through its regulation of PHI, the Privacy Rule was intended to standardize privacy protections nationally.

The Privacy Rule was created for three major purposes:

  1. To protect and enhance the rights of consumers by providing them access to their health information and controlling the inappropriate use of that information;
  2. To improve the quality of health care in the U.S. by restoring trust in the health care system; and
  3. To improve the efficiency and effectiveness of health care delivery by creating a national framework for health privacy protection that builds on efforts by states, health systems, and individual organizations and individuals.

The Privacy Rule requires covered entities to limit and manage who has access to protected information and how that information is used and disclosed, both internally and externally. Covered entities must also inform patients how their information is being used.

The Privacy Rule also gives patients rights over the use and disclosure of their information. The Privacy Rule requires that covered entities have a process for patients to:

  • See and receive a copy of their PHI
  • Review and request an amendment to PHI
  • Get an accounting of disclosures of where PHI was sent
  • Provide permission prior to release of PHI
  • File a complaint if privacy rights are violated

Protecting patient information should be a focus of all health care organizations, large or small. Patient information is a valuable asset to a health care organization and should be managed in a manner that properly protects it.

Tools and Resources

Department of Health and Human Services HIPAA Privacy - Your Information Your Rights. HHS. (2-minute video)

Hulkower, R. (2010). The history of the Hippocratic Oath: Outdated, inauthentic, and yet still relevant. The Einstein Journal of Biology and Medicine, 25(1), 41-44.
This Privacy & Security portal was originally developed by the Regional Extension Center for Minnesota and North Dakota. REACH, co-led by Stratis Health, was federally funded through the Office of the National Coordinator, Department of Health and Human Services.