The Health Insurance Portability and Accountability Act (HIPAA) established federal regulations that require certain health care entities to protect patients' personal information and that give consumers rights over who may access that information. The act's Privacy Rule and Security Rule further define these regulations.
The HIPAA Privacy Rule provides guidelines for individuals and organizations such as physicians, nursing homes, health insurance companies and Medicare. The guidelines govern how these entities may use and disclose protected health information (PHI), that is, data that can directly or indirectly reveal a patient's identity.
The HIPAA Security Rule expands on the Privacy Rule by addressing the safeguarding of PHI held in electronic form so that it is not disclosed to unauthorized recipients. Measures can include using encryption software to protect e-mail or attaching an e-mail disclaimer to all electronic messages.
Under the Health Information Technology for Economic and Clinical Health (HITECH) Act, entities covered by HIPAA must provide notification when unsecured PHI has been breached. A breach occurs when the security or privacy of PHI has been compromised in a way that may cause harm to the people whose information was accessed.