The intent of the HIPAA Privacy Rule is to permit important uses of health information while, at the same time, protecting the privacy of individuals who are seeking health care.
The Privacy Rule limits the use and disclosure of PHI and establishes individual rights, which are detailed on the following page.
The HIPAA Privacy Rule allows covered entities to analyze their own needs and implement programs based on their own environment. However, it requires that all privacy policies and procedures that are developed are in compliance with the Privacy Rule and compliance with the patient privacy policy is monitored at least annually.
The Privacy Rule also requires covered entities to develop processes to handle complaints. Among other things, the covered entity must identify to whom individuals can submit complaints at the facility and advise that complaints also can be submitted to the Secretary of Health and Human Services (HHS) without fear of retaliation for submitting the complaint.
