The HIPAA Privacy Rule Establishes National Standards to Protect Individuals’ Medical Records and Other Personal Information.
HIPAA Privacy Rule Summary
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, healthcare clearinghouses, and those health care providers that conduct certain healthcare transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The covered entity that is compliant with the HIPAA Privacy Rule must make practical efforts to use, disclose and request only the minimum necessary amount of protected health information (PHI) needed to complete its intended purpose. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, to request corrections, and to get an account of those who have been allowed access to their records. According to this Federal Law, it is the duty of HIPAA Covered Entities and HIPAA Business Associates that interact with this PHI, to supply all requested information to a patient or a representative of the patient in a timely manner. Since data center service providers like OnRamp do not operate in the clinical environment, most of the HIPAA Privacy Rule is not applicable. However, data center service providers are still responsible for many of the Privacy Rule’s concepts, such as, the minimum necessary use of PHI, patients’ rights to obtain copies, patients’ rights to amend their healthcare data and their right to see who has viewed it. As a practical matter, data center companies must comply with these aspects of the HIPAA Privacy Rule and must interact with their Covered Entity clients to meet compliance with this regard. The HIPAA Privacy Rule is located at 45 CFR Part 160 and Subparts A and E of Part 164. Visit the Health and Human Services website for the Summary of the HIPAA Privacy Rule.