“Each time a patient sees a doctor, is admitted to a hospital, goes to a pharmacist or sends a claim to a health plan, a record is made of confidential health information. In the past, family doctors and other health care providers protected the confidentiality of those records by sealing them away in file cabinets and refusing to reveal them to anyone else. Today, the use and disclosure of this information is protected by a patchwork of state laws, leaving gaps in the protection of patients’ privacy and confidentiality. Congress recognized the need for national patient record privacy standards; in 1996 the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted. The law included provisions designed to save money for health care businesses by encouraging electronic transactions, but it also required new safeguards to protect the security and confidentiality of that information.” (HHS Fact Sheet – May 9, 2001)
The Privacy Rule standard requires covered entities to ensure all protected health information (PHI), (IIHI – individually identifiable health information) whether stored electronically or in any other form, is secure. PHI includes any information which describes an individual’s health status or demographic information which identifies an individual.
The Privacy Rule, according to the Office of Civil Rights (OCR – responsible for oversight) “gives patients more control over their health information, sets boundaries on the use and release of health records, establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information and it strikes a balance when public responsibility requires disclosure of some forms of data – for example, to protect public health. Under the rule, patients will be able to make informed choices by enabling them to find out how their information may be used and what unauthorized disclosures of their information have been made. It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure and it gives patients the right to examine and obtain a copy of their own health records and request corrections.”