Upcoming Webinars 


The analysis of any legal or medical billing is dependent on numerous specific facts — including the factual situations present related to the patients, the practice, the professionals and the medical services and advice. Additionally, laws and regulations and insurance and payer policies are subject to change. The information that has been accurate previously can be particularly dependent on changes in time or circumstances. The information contained in this web site is intended as general information only. It is not intended to serve as medical, health, legal or financial advice or as a substitute for professional advice of a medical coding professional, healthcare consultant, physician or medical professional, legal counsel, accountant or financial advisor. If you have a question about a specific matter, you should contact a professional advisor directly. CPT copyright American Medical Association. All rights reserved. CPT is a registered trademark of the American Medical Association.

Log in

Log in

HIPAA Privacy Rule 

The main purpose of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well-being. The rule permits important uses of information, while protecting the privacy of people who seek care and healing.

Who must follow the Privacy Rule?

  • Healthcare Providers
  • Healthcare Plans
  • Healthcare Clearinghouses

Privacy Rule Definitions

Protected Health Information

  • Protected Health Information
  • De-Identified Information

Organizational Requirements

  • Designate a Privacy Official
  • Workforce Training
  • Data Safeguards
  • Complaints
  • Workforce Sanctions
  • Refraining from intimidating or retaliatory acts
  • Mitigation
  • Waiver of Rights
  • Policies and Procedures
  • Changes to Policies and Procedures
  • Documentation

Notice of Privacy Practices 

  • Delivery of the Notice
  • Content of the Notice

Uses and Disclosures

  • Treatment, Payment, Health Care Operations
  • When Authorization is Required
  • Requirements for a Valid Authorization
  • Patient has the Opportunity to Agree or Object
  • De-Identification of Protected Health Information

Authorization Not Required

    • Uses and Disclosures for Public Health Activities
    • Disclosures about Victims of Abuse, Neglect or Domestic Violence
    • Uses and Disclosures for Health Oversight Activities
    • Disclosures for Judicial and Administrative Proceedings
    • Disclosures for Law Enforcement Purposes
    • Uses and Disclosures about Decedents
    • Uses and Disclosures for Cadaveric Ogan, Eye or Tissue Donation Purposes
    • Uses and Disclosures for Research Purposes
    • Uses and Disclosures to Avert a Serious Threat to Health or Safety
    • Uses and Disclosures for Specialized Government Functions
    • Disclosures for Workers' Compensation
Minimum and Necessary Rule
  • Minimum necessary uses of protected health information
  • Minimum necessary disclosures of protected health information
  • Minimum necessary requests for protected health information
  • Other content requirement

Limited Data Sets

  • Limited data set
  • Permitted purposes for uses and disclosures
  • Data use agreement

Patient Rights under the Privacy Rule

  • Rights to Request Privacy Protection for Protected Health Information
  • Access to Protected Health Information
  • Amendment of Protected Health Information
  • Accounting of Disclosures of Protected Health Information
Powered by Wild Apricot Membership Software