Upcoming Webinars

  • No upcoming events


The analysis of any legal or medical billing is dependent on numerous specific facts — including the factual situations present related to the patients, the practice, the professionals and the medical services and advice. Additionally, laws and regulations and insurance and payer policies are subject to change. The information that has been accurate previously can be particularly dependent on changes in time or circumstances. The information contained in this web site is intended as general information only. It is not intended to serve as medical, health, legal or financial advice or as a substitute for professional advice of a medical coding professional, healthcare consultant, physician or medical professional, legal counsel, accountant or financial advisor. If you have a question about a specific matter, you should contact a professional advisor directly. CPT copyright American Medical Association. All rights reserved. CPT is a registered trademark of the American Medical Association.

Log in

HIPAA Privacy Rule

The Privacy Rule addresses the use and disclosure of individuals’ protected health information by covered entities as well as standards for individuals' privacy rights and control over their health information.

The main purpose of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well-being. The rule permits important uses of information, while protecting the privacy of people who seek care and healing.

Who must follow the Privacy Rule?

    • Healthcare Providers
    • Healthcare Plans
    • Healthcare Clearinghouses

What is Protected Health Information?

    • Protected Health Information
    • De-Identified Information

What are the organizational requirements under the rule?

    • Designate a Privacy Official
    • Workforce Training
    • Data Safeguards
    • Complaints
    • Workforce Sanctions
    • Refraining from intimidating or retaliatory acts
    • Mitigation
    • Waiver of Rights
    • Policies and Procedures
    • Changes to Policies and Procedures
    • Documentation

Notice of Privacy Practices 

    • Delivery of the Notice
    • Content of the Notice

Uses and Disclosures

    • Treatment, Payment, Health Care Operations
    • When Authorization is Required
    • Requirements for a Valid Authorization
    • Patient has the Opportunity to Agree or Object
    • Authorization or Opportunity to Agree or Object is Not Required
    • De-Identification of Protected Health Information

Minimum and Necessary Rule

    • Minimum necessary uses of protected health information
    • Minimum necessary disclosures of protected health information
    • Minimum necessary requests for protected health information
    • Other content requirement

Limited Data Sets

    • Limited data set
    • Permitted purposes for uses and disclosures
    • Data use agreement

Patient Rights under the Privacy Rule

    • Rights to Request Privacy Protection for Protected Health Information
    • Access to Protected Health Information
    • Amendment of Protected Health Information
    • Accounting of Disclosures of Protected Health Information

Copyright Med Comply LLC 2022

Med Comply does not claim copyright over US Federal and State materials

CPT codes are copyright 1995-2022 American Medical Association. All rights reserved.

About Us

Join Us

Find Us

Med Comply is a healthcare compliance firm that strives to bring high quality compliance guidance and one-on-one consulting services to small and medium sized physician and NPP practices.   

Learn More

Join today as either a monthly or a yearly member and enjoy full access to the site and ongoing personalized compliance and billing support. 

Join Today

Powered by Wild Apricot Membership Software