What are the HIPAA Privacy and Security Rules?
The HIPAA Privacy Rule, officially known as the Standards for Privacy of Individually Identifiable Health Information, was implemented in 1996. The U.S. Department of Health and Human Services notes that this was the first time a set of national standards was established to protect health information. The rule creates a minimum standard for the protection of information for everyone in the United States. According to the U.S. Department of Health and Human Services, the purpose of the HIPAA Privacy Rule is to protect the privacy of individually identifiable health information.
The HIPAA Security Rule focuses specifically on electronic protected health information (ePHI). Providers have been required to comply with the Security Rule since April 20, 2005. The purpose of the HIPAA Security Rule is to set administrative, technical, and physical standards to protect electronic protected health information.
The Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services administers and enforces the Privacy and Security Rules.
Tools:
Sample Security Rule Compliance Guidelines - Developed by the University of California (2005). This document represents the actual compliance guidelines instituted by the University of California to assist campus and medical center directors and managers.
Resources
An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule - Developed by the National Institute of Standards and Technology (2008). This guide provides a background of the HIPAA Security Rule, as well as guidance for implementing and complying with the Security Rule.
HIPAA Security Rule Summary - Developed by the HIPAA Survival Guide (2009). This link provides a brief overview of the Security Rule.
Health Information Privacy - Developed by the Office for Civil Rights at the U.S. Department of Health and Human Services. This site provides background on HIPAA with respect to privacy and security.