Module 1: Introduction to HIPAA
Module 2: Fundamentals of PHI
Module 3: The Privacy Rule – Uses, Disclosures, and Compliance
Module 4: The Security Rule – Uses, Disclosures, and Compliance
1 of 3

1.1.5 HIPAA Privacy Rule

National requirements for the security of specific health information are established under the Privacy Rule.

The Privacy Rule sets forth criteria for the use and disclosure of PHI and for the privacy rights of persons to understand and control the use and distribution of personal health information, including the right to inspect and get a copy of their medical records and to request corrections.


The Privacy Rule mandates that covered entities must notify individuals of the uses of their PHI. Additionally, covered entities must record privacy policies and practices and track PHI disclosures. However, there may be some exceptions involved.

As a covered entity, you generally don’t need a patient’s written consent to use PHI for your treatment, billing, and healthcare operations activities, as well as other permitted or necessary purposes under the HIPAA Privacy Rule.

Notify of
0 Discussions
Inline Feedbacks
View all comments
Post a comment

Leave a Comment

Your email address will not be published. Required fields are marked *

Would love your thoughts, please comment.x