The Privacy Rule is a federal regulation that sets out the administrative steps, policies, and procedures that healthcare providers must take to safeguard individuals' protected health information (PHI). HIPAA compliance includes compliance with the Privacy Rule.
The information covered by the Privacy Rule includes all information that (1) identifies an individual and (2) is maintained or exchanged electronically or in hard copy. If it has someone's name on it (or has any components that could be used to identify the patient), and it is written down either electronically or on paper, it is "protected health information." Oral communications about such information are also covered.
The purpose of the Privacy Rule is to empower patients by guaranteeing them access to their medical records, and restricting the access of others. The patient has control over who can see the records. For medical records to be released from a doctor's office to a hospital, for example, the patient must give his or her written permission.
The other component of HIPAA Title II, requiring the standardization of electronic healthcare transactions, promotes the use and transmission of electronic medical records. This is called the Administrative Simplification section of HIPAA.
The goal of the Administrative Simplification section is to improve both the efficiency and the effectiveness of the nation's healthcare system. When medical records are transmitted electronically, healthcare providers have easy access to each patient's previous information and can provide the best possible care without the administrative delay of sending and receiving paper records.