The Privacy Rule

Heath Insurance Portability and Accountability Act (HIPAA) is the law in the United States of America that provides security provisions and data privateness provisions for protecting medical information. Over the recent years, that regulation has gained great prominence due to increased fitness data breaches orchestrated by ransom ware attacks and cyber-attacks on health insurers and healthcare providers. This paper focuses on the privacy rule beneath section two commonly referred to as HIPAA compliance also regarded as Administrative Simplification provisions.

The national standards for the health records of patients were established by the Standards for Privacy of Individually Identifiable Health Information also known as the HIPAA Privacy rule. The Privacy rule was issued by the Health and Human services department of the United States to control the use and disclosure of sensitive patient health information (Anthony et al., 110). The rule aims at protecting patient’s privacy by requiring doctors to explain to patients each entity to which the doctor shares his/her health information for administrative and billing purposes while still letting the relevant health information flow via the right channels to protect the health and wellbeing of the public and to promote high quality healthcare (Anthony et al., 110). The rule additionally gives patients the right to receive their own health information on request. 
    The rule covers health plans, health care providers, health care clearinghouses and business associates. The privacy rule protects all individual information transmitted or held by a covered entity or business associate in any form (Chaikind, 110). The protected health information includes the name of the patient, date of birth, address, social security number, physical or mental condition of the individual in addition to care rendered to the individual and payment information (Krager, 56). The basic principle for use and disclosure is that a covered entity cannot use or disclose protected heath information except according to the provisions of the privacy rule or when the subject of the information or his/her representative authorizes in writing (Gostin, 89).

Works Cited
Anthony, Denise L., Ajit Appari, and M. Eric Johnson. “Institutionalizing HIPAA compliance: Organizations and competing logics in US health care.” Journal of health and social behavior 55.1 (2014): 108-124.
Chaikind, Hinda R., Ed. The Health Insurance Portability and Accountability Act (HIPAA): Overview and Analyses. Nova Publishers, 2004.
Gostin, Lawrence O., Laura A. Levit, and Sharyl J. Nass, eds. Beyond the HIPAA privacy rule: enhancing privacy, improving health through research. National Academies Press, 2009.
Krager, Dan, and Carole Krager. HIPAA for health care professionals. Nelson Education, 2016.