We all have a right to privacy, and anyone who infringes that right should face the law. Even as patients of a doctor or of a health care facility, we have the right to have our medical records and bills kept confidential, disclosed only to those we permit to see them and to those whose jobs require access to such records. This is why the Health Insurance Portability and Accountability Act (HIPAA) Rules exist: to give federal protection to patient health information held by those the act defines as Covered Entities (CEs) and their Business Associates (BAs). HIPAA also gives patients a number of rights over the information that Covered Entities (CEs) and Business Associates (BAs) access.
HIPAA provides three categories of rules that all CEs and BAs must comply with: the Privacy Rule, the Security Rule and the Breach Notification Rule.
The Privacy Rule protects what is known as Individually Identifiable Health Information. The Security Rule, on the other hand, sets national standards for a particular category of information, Electronic Protected Health Information (ePHI). The Breach Notification Rule mandates that all Covered Entities (CEs) and Business Associates (BAs) notify the relevant parties when there is a breach of unsecured Protected Health Information (PHI).
If you are a Covered Entity (CE) or a Business Associate (BA) as recognized by HIPAA, you must comply with the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Breach Notification Rule and any other provisions of the Health Insurance Portability and Accountability Act (HIPAA). It is your responsibility as a health care provider to protect your patients' information in whatever form it takes, whether electronic, paper or oral, and you must do so within the context of the HIPAA rules.