What Health Information Is Protected by the Privacy Rule?
Key Points: • With certain exceptions, the Privacy Rule protects a subset of individually identifiable health information, known as protected health information or PHI, that is held or maintained by covered entities or their business associates acting for the covered entity. • The Privacy Rule does not protect individually identifiable health information that is held or maintained by entities other than covered entities or business associates that create, use, or receive such information on behalf of the covered entity. To understand the possible impact of the Privacy Rule on their work, researchers will need to understand what individually identifiable health information is and is not protected under the Rule. With certain exceptions, the Privacy Rule protects a certain type of individually identifiable health information, created or maintained by covered entities and their business associates acting for the covered entity. This information is known as protected health information or
Related Questions
- Does an individual have a right under the HIPAA Privacy Rule to restrict the protected health information his or her health care provider discloses for workers’ compensation purposes?
- What are a covered entity’s obligations under the HIPAA Privacy Rule with respect to protected health information held by a business associate during the contract transition period?
- Does the HIPAA Privacy Rule address when a person may not be the appropriate person to control an individuals protected health information?
