HIPAA Privacy Rule

  1. The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996.

  2. HIPAA is a federal law that establishes rules for protecting the privacy and security of protected health information (PHI).

  3. HIPAA requires covered entities, such as healthcare providers, health plans, and healthcare clearinghouses, to implement safeguards to ensure the confidentiality and security of PHI.

  4. PHI is any information related to an individual’s physical or mental health that is created or collected by a healthcare provider.

  5. The HIPAA Privacy Rule sets standards for the use and disclosure of PHI.

  6. The Privacy Rule requires covered entities to obtain the individual’s written authorization before disclosing PHI to anyone else.

  7. The Privacy Rule also requires covered entities to provide individuals with access to their PHI and to notify them of any uses or disclosures of their PHI.

  8. The Privacy Rule applies to all forms of PHI, including paper records, electronic records, and oral communications.

  9. The Privacy Rule does not apply to information collected by health researchers, employers, or insurers for non-medical purposes.

  10. The Privacy Rule gives individuals the right to request restrictions on the use and disclosure of their PHI.

  11. The Privacy Rule requires covered entities to have administrative, physical, and technical safeguards in place to protect the privacy of PHI.

  12. The Privacy Rule requires covered entities to provide individuals with notice of their privacy rights and how their PHI may be used and disclosed.

  13. The Privacy Rule prohibits covered entities from selling PHI without the individual’s authorization.

  14. The Privacy Rule requires covered entities to provide individuals with an accounting of all disclosures of their PHI.

  15. The Privacy Rule allows individuals to request an amendment to their PHI if they believe it is incorrect or incomplete.

  16. The Privacy Rule applies to all healthcare providers, health plans, and healthcare clearinghouses.

  17. The Privacy Rule does not apply to psychotherapy notes or information collected for marketing purposes.

  18. The Privacy Rule requires covered entities to implement a system for tracking disclosures of PHI.

  19. The Privacy Rule requires covered entities to maintain records of all uses and disclosures of PHI.

  20. The Privacy Rule gives individuals the right to inspect and copy their PHI.

  21. The Privacy Rule requires covered entities to have procedures in place to respond to complaints and inquiries from individuals.

  22. The Privacy Rule allows covered entities to disclose PHI for payment or healthcare operations purposes without the individual’s authorization.

  23. The Privacy Rule requires covered entities to ensure the security of PHI in all forms, including electronic and paper.

  24. The Privacy Rule requires covered entities to provide individuals with a notice of their privacy rights.

  25. The Privacy Rule prohibits covered entities from disclosing PHI to third parties without the individual’s authorization.
