HIPAA relates to “The HIPAA Privacy Rule” which established national standards to protect individuals’ medical records and other individually identifiable health information (collectively defined as “protected health information”). This is applicable to covered entities such as health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. In addition this is also applied to business associates who handle protected health information on behalf of covered entities.
The Rule requires appropriate safeguards to protect the privacy of protected health information. It sets limits and conditions on the uses and disclosures that may be made of such information without an individual’s authorization.
HIPAA also gives individuals rights over their protected health information. It gives rights to examine and obtain a copy of their health records, to direct a covered entity to transmit to a third party an electronic copy of their protected health information in an electronic health record, and to request corrections.