PAUL R. HALES, ATTORNEY AT LAW, LLC
                                                                                                                                                                                           
Tel: 314-534-3534
Fax: 314-534-0444
personal injury lawyer 
 
about the HIPAA
Privacy Rule 

Paul R. Hales

Attorney at Law

3534 Washington Ave.

St. Louis, MO 63103

TEL: 314-534-3534

 

HIPAA Privacy Rule
What is the HIPAA PRIVACY RULE?
 

The Privacy Rule[1] is the basic and most important HIPAA Rule because it applies to all Protected Health Information (PHI) maintained or transmitted in any form or medium[2] and both Covered Entities and Business are directly liable for Privacy Rule compliance.  


I    Privacy Rule Overview


1.  Standards and Implementation Specifications

The Privacy Rule is made up of Standards (rules concerning PHI [3]) and Implementation Specifications (instructions for implementing a Standard[4]). Privacy Rule Standards and Implementation Specifications establish:

A.  Rights Individuals have with respect to their PHI;[5]

B.  Uses and Disclosures of PHI that a Covered Entity and a Business Associate are permitted and required to make; [6]

C.  Regulations governing Uses and Disclosures of PHI;[7]

D.  Administrative requirements for compliance with the Privacy Rule and Breach Notification Rule [8] including a mandatory Standard that Covered Entities must have appropriate Administrative, Technical, and Physical Safeguards in place to protect the privacy of PHI.[9]


2.   Privacy Rule in the Code of Federal Regulations

The official text of the Privacy Rule in the Code of Federal Regulations (CFR) is difficult to follow. This undoubtedly reflects the inclusive, intermittent process by which the Privacy Rule was developed and modified.[10]

3.   Privacy Rule in The HIPAA E-Tool ®

The HIPAA E-Tool ® Policies, Procedures and Forms covering all Privacy Rule Standards and Implementation Specifications are arranged in logical order according to their subject to make them easy to follow and implement.

Easy to Use

The HIPAA E-Tool ® Search Box feature enables a user to find every Privacy Rule topic easily. Enter a word or phrase and one click brings an explanation on screen that includes direct links to the applicable Policy, Procedure or Form.  

4.   Privacy Rule and Business Associates in The HIPAA E-Tool ®

The HIPAA E-Tool ® groups Privacy Rule Standards and Implementation Specifications regarding Covered Entities and Business Associates in Section 7, Business Associates and Policy BA-1, Business Associate Contract and Compliance Policy (Business Associate Agreement).



[1]     45 CFR Part 160 and Subparts A and E of Part 164

[2]     45 CFR §164.500, 45 CFR §160.103  

[3]     45 CFR §160.103

[4]     Ibid.

[5]     45 CFR §§ 164.520-528

[6]     45 CFR §164.502(a)(1)-(4)

[7]     45 CFR §§ 164.502-514

[8]     45 CFR §164.530

[9]     45 CFR §164.530(c)

[10]    See, e.g.: 64 FR 59918, Nov. 3, 1999; 65 FR 82462, Dec. 28, 2000; 67 FR 14776, Mar. 27, 2002; 67 FR 53182, Aug. 14, 2002; 68 FR 8381, Feb. 20, 2003; 74 FR 4270, Aug. 24, 2009; 74 FR 56123, Oct. 30, 2009; 75 FR 40868, Jul. 14, 2010; 76 FR 31426, May 31, 2011; 78 FR 5566, Jan. 25, 2013; 78 FR 23872, Apr. 23, 2013; 79 FR 784, Jan. 7, 2014; 79 FR 7290, Feb. 6, 2014; 81 FR 382, Jan. 6, 2016