HIPAA Privacy Rule

What is the Privacy Rule?

Addresses the use and disclosure of PHI by covered entities and business associates

Conditions that allow use or disclosure of PHI

  • Direct communication with individual about his/her PHI
  • With individual’s written authorization or other legal agreement
  • Without the individual’s authorization if used for treatment, payment, and operations (TPO)
  • In other limited situations specifically allowed by HIPAA

HIPAA’s minimum necessary standard requires we limit use and disclosure of PHI to only what’s needed to accomplish the goal