The purpose of the HIPAA privacy requirements is threefold:
- Restricting the unwarranted disclosure of sensitive personal information
- Giving individuals greater control over access to sensitive personal information, including the specific information that can be disclosed, to whom, and the uses to which it can be put
- Enabling providers to use the personal information that they need to make treatment decisions and to meet their obligations to patients and regulatory and law enforcement agencies
The HIPAA requirements apply to "individually identifiable health information," which essentially means:
- Information that describes the health status of an individual, including basic demographics and the use of medical services
- Information that either identifies, or can be used to identify, an individual
The privacy standards apply to ALL individually identifiable health information that is collected, maintained, or transmitted by a health care provider. The privacy standards are not limited to information that is transmitted electronically or as part of a standard HIPAA transaction.
The HIPAA privacy rules are comprehensive in scope and generally apply to the use and disclosure of any sensitive health information.