Health Insurance Portability and Accountability Act

Rules of Title II

The privacy rule, perhaps the most recognizable rule of HIPAA, protects all health information -- electronic and paper.

The Security Rule

The third section of the Administrative Simplification rules includes the Security Rule. This rule, as the name implies, involves the security safeguards used with each patient's Electronic Protected Health Information, or ePHI. Basically, this section deals with the various security standards each provider should abide by to ensure the highest level of confidentiality for all the ePHI that your provider creates, receives, updates or sends. Providers are also expected to protect their entire electronic system from any threats to its security, like computer bugs or even indiscreet office personnel.

The Privacy Rule

Unlike the other sections mentioned, the privacy rule applies to health information in any form, be it paper or electronic. When people mention HIPAA in health care, this rule is usually what they're referring to. Your personal health information not only includes your entire medical record, but even includes your payments made for health care.

Because of the importance of this rule, there are comprehensive compliance requirements involved for both employees and patients of any given health care facility. For example, if you work in the health care field you should have been required to watch a video or take a quiz on privacy and HIPAA. Most of these videos focus on the privacy rule rather than the other sections of HIPAA discussed in this article. If you aren't in health care, you've probably been exposed to this rule when your doctor or other health care provider asked you to sign a HIPAA form during check-in. This form is given in order to prove that you've been formally notified of your doctor's privacy practices in regard to your health information.

As part of the privacy rule, you have full access to your medical records, can restrict others from gaining access to your records, and can even tell who has accessed your medical record. In addition, you can request that changes be made to your medical record if you believe the information isn't accurate. As a part of this rule, the amount of your health information shared is kept to the minimum needed for treatment or business operations. This rule also allows you to decide whether you want your health information to be used for purposes not related to your treatment or payment issues, such as in a research project.

The Enforcement Rule

This rule, which became effective in March 2006, involves the civil money penalties against those who violate any of the Administrative Simplification rules. Before this rule came into effect, these civil penalties were only applied to those who were noncompliant with the Privacy Rule. Now, violators of any rule in the Administrative Simplification process can be punished. This rule also details how an investigation should take place, how the penalty is determined and how to appeal a ruling.

To learn more about HIPAA, health insurance and related topics, follow the links found below.

More Great Links


  • CDC: HIPAA Privacy Rule and Public Health.
  • CMS: What HIPAA Does and Does Not Do.
  • HIPAAdvisory: HIPAA Primer.
  • US Department of Labor: HIPAA Fact Sheet.