Headlines about data breaches draw attention to the Health Insurance Portability and Accountability Act’s (HIPAA) Security Rule. However, its companion—the HIPAA Privacy Rule—is just as important.
Although the two rules work hand in hand, they are based on different concepts. The Security Rule oversees the mechanisms used to protect the privacy of electronic patient health information (ePHI), while the Privacy Rule focuses on the use and disclosure of that information. The Privacy Rule is meant to ensure that PHI is properly protected while still allowing the flow of health information needed to provide and promote high-quality health care and to protect the public’s health and well-being.