The Health Insurance Portability and Accountability Act (HIPAA) is a law of US Department of Health and Human Services. HIPAA is a regulatory requirement which stands for use and disclosure of health information of individuals.
HIPAA mainly focus on data privacy, security and controls for safe guard medical information. HIPAA Privacy Rule is to protect patients' personal or protected health information (PHI).
The Privacy Rule give guarantee to patients that the right to receive their own PHI, upon request, from healthcare providers covered by HIPAA.
The HIPAA Privacy Rule applies to organizations that are considered HIPAA-covered entities. It also requires covered entities that work with a HIPAA business associate to produce a contract that imposes specific safeguards on the PHI that the BA uses or discloses.
Failling to comply with HIPAA Privacy Rule, victim of healthcare data breach, failling to provide access to patients for their PHI, OCR can impose penalty or fine.
Privacy rule penalties vary depending on the severity of the infraction.
Major amendments since 1996: