The HIPAA Privacy Rules – or “Standards for Privacy of Individually Identifiable Health Information” – were published in 2002 to protect the confidentiality of patient healthcare and payment data in order to prevent abuse and fraud in the healthcare system. Since their publication, and despite massive advances in technology, the Rules have not changed. The only significant differences between 2002 and today is who the HIPAA Privacy Rules apply to and how they are enforced.

The HIPAA Privacy Rules consist of a series of standards relating to how individually identifiable health information is used and disclosed. There are eighteen “identifiers” which individually or together could reveal information about a patient´s healthcare or payment history, and these are classified as “Protected Health Information” or “PHI”.

The Rules apply to all PHI, whether it is maintained in electronic or paper format, and when it is disclosed orally. They stipulate who can have access to PHI, the circumstances in which it can be used and who it can be disclosed to. Entities in possession of PHI have to comply with the Rules or face enforcement action by the Department of Health & Human Services´ Office for Civil Rights.

Learn more about HIPAA privacy rules: https://www.hipaaguide.net/hipaa-privacy-rules/

More info here:
https://www.hipaaguide.net/hipaa-encryption-requirements/
https://www.hipaaguide.net/what-is-the-best-time-to-promote-hipaa-awareness/