
What is the HIPAA Privacy Rule?

Between rapid advances in healthcare and the specialized terminology used in doctors' offices, it can be difficult to fully understand your own health and medical conditions once you leave an appointment. The HIPAA Privacy Rule gives individuals a legal right of access to the medical records and health information that their healthcare providers and health plans maintain about them.

As technology spreads through the healthcare industry, patients can now access their own medical records and health information more quickly and easily than ever before.

Giving patients access to their medical records gives them a sense of ownership because, after all, it is their own well-being on the line. Individuals are more likely to monitor their conditions and manage their health when they can see and understand what is going on with it.

The phrase "out of sight, out of mind" applies directly to the Privacy Rule: by putting records in patients' hands, the Rule encourages individuals to take control of their health and make educated decisions about how to proceed with it in the future.


HIPAA Privacy Rule History


The HIPAA Privacy Rule is one of the regulations issued under the Health Insurance Portability and Accountability Act (HIPAA). It sets national standards for protecting individually identifiable health information and medical records.

Related: Understanding and implementing HIPAA rules

The HIPAA Privacy Rule sets standards for how covered entities may use and disclose health information, and it gives patients a way to obtain their own medical records securely and easily. The records a covered entity keeps about a patient (medical and billing records, plus any other records it uses to make decisions about the individual) make up the "designated record set." The individually identifiable health information in that set is "protected health information (PHI)." Under the Privacy Rule, individuals have the right to do the following with the PHI in their designated record set:

  • Inspect it or obtain copies
  • Direct copies to a designated third party
  • Request corrections (amendments) to records they believe are inaccurate or incomplete


The Privacy Rule lets individuals take control of their PHI and helps keep it accurate and up to date. A covered entity may deny an amendment request in certain cases (for example, when it determines the record is already accurate and complete), but it must then explain the denial to the individual in writing.

Related: What is protected health information (PHI)?


Who is covered by the Privacy Rule?


The Privacy Rule applies to health plans, healthcare clearinghouses, and any healthcare provider that transmits health information electronically in connection with a transaction for which HHS has adopted a standard under HIPAA's Administrative Simplification provisions. These organizations are known as "covered entities."

  • Health plans. Individual or group plans that provide or pay for medical care, including health, dental, vision and prescription drug insurers, HMOs, long-term care insurers, and government health programs such as Medicare and Medicaid.
  • Healthcare clearinghouses. Entities, such as billing services, that convert nonstandard health information received from a health plan or provider into a standard format (or vice versa). Because they handle individually identifiable health information in the process, they must abide by the Privacy Rule.
  • Healthcare providers. Regardless of size, every healthcare provider that electronically transmits health information in connection with certain transactions is a covered entity. These transactions include claims, benefit eligibility inquiries, and referral authorization requests.


Business associates, the vendors and contractors that create, receive, maintain or transmit PHI on a covered entity's behalf, must also protect that PHI: they are bound by a business associate agreement and, since the HITECH Act, are directly liable for complying with certain Privacy Rule requirements.


What information is protected by the Privacy Rule?


The Privacy Rule protects "individually identifiable health information": any information, including demographic data, that relates to an individual's past, present or future health condition, the care provided to them, or payment for that care, and that identifies the individual or provides a reasonable basis to believe it could be used to identify them. Identifying details that are not themselves health information, such as a name or account number, are also protected when they appear in the "designated record set."

PHI can include the following identifiable information, whether it is held in electronic, paper or oral form:

  • Medical record number
  • Any other unique identifying number
  • An invoice with billing information
  • An appointment reminder
  • Blood test results
  • Prescription information
  • Beneficiary numbers
  • Health insurance plan and subscriber details
  • Mental health records
  • Health records
  • Health status
  • Oral communications about a patient's care
  • Payment history
  • Account number
  • Names of family members
  • Discharge date
  • Admission date
  • Biometric identifiers
  • Device identifiers


Send and receive PHI with HIPAA compliant emails


If you want your patients to be in control of their health information so they can make educated decisions for their future, you want it to be as easy and quick as possible for them to obtain that information without burdening your staff. 

Now there's an easy way to eliminate the hassle of legacy email encryption and still have HIPAA compliant email. Paubox offers the easiest way for healthcare organizations to send and receive secure email and attachments that comply with HIPAA, without requiring portals or extra steps for the recipient.

Paubox integrates into email services that physicians, administrators and patients already use every day, such as Google Workspace and Microsoft Office 365.

With more than 4,000 customers and nearly 70,000,000 emails secured per month, you can entrust your healthcare email to HITRUST CSF certified Paubox solutions. 

