HIPAA Basics

Privacy and Security

The privacy and security of patient health information is a top priority for patients and their families, health care providers and professionals, and the government. Federal laws require many of the key persons and organizations that handle health information to have policies and security safeguards in place to protect your health information — whether it is stored on paper or electronically.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the main Federal law that protects health information. The HIPAA Privacy and Security Rules protect the privacy and security of individually identifiable health information. HIPAA Rules have detailed requirements regarding both privacy and security.

  • The HIPAA Privacy Rule covers protected health information (PHI) in any medium.
  • The HIPAA Security Rule covers electronic protected health information (ePHI).

HIPAA for Consumers

Patients and health care consumers can learn about their rights under HIPAA, which include privacy, security, and the right to access their own health information.

HIPAA for Providers

Health care providers have rights and responsibilities defined under HIPAA related to the health information they store about patients, whether in electronic or non-electronic form.

HIPAA for Regulators

The Office for Civil Rights (OCR) is the main federal agency responsible for informing and protecting the public about health information privacy rights. Regulators can learn more about OCR’s work by visiting the OCR’s web site.

HIPAA versus State Laws

Besides the Federal HIPAA law, other laws in each state and locality may also define how health care information may be used and must be protected.