The main purpose of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well-being. The rule permits important uses of information, while protecting the privacy of people who seek care and healing.

Who must follow the Privacy Rule?

• Healthcare Providers
• Healthcare Plans
• Healthcare Clearinghouses

What is Protected Health Information?

• Protected Health Information
• De-Identified Information

What are the organizational requirements under the rule?

• Designate a Privacy Official
• Workforce Training
• Data Safeguards
• Complaints
• Workforce Sanctions
• Refraining from intimidating or retaliatory acts
• Mitigation
• Waiver of Rights
• Policies and Procedures
• Changes to Policies and Procedures
• Documentation

Notice of Privacy Practices 

• Delivery of the Notice
• Content of the Notice

Uses and Disclosures

• Treatment, Payment, Health Care Operations
• When Authorization is Required
• Requirements for a Valid Authorization
• Patient has the Opportunity to Agree or Object
• Authorization or Opportunity to Agree or Object is Not Required
• De-Identification of Protected Health Information

Minimum and Necessary Rule

• Minimum necessary uses of protected health information
• Minimum necessary disclosures of protected health information
• Minimum necessary requests for protected health information
• Other content requirement

Limited Data Sets

• Limited data set
• Permitted purposes for uses and disclosures
• Data use agreement

Patient Rights under the Privacy Rule

• Rights to Request Privacy Protection for Protected Health Information
• Access to Protected Health Information
• Amendment of Protected Health Information
• Accounting of Disclosures of Protected Health Information