Before the HHS privacy rules HIPAA law was created to protect the personal and health
information of common people from being compromised by unlawful elements. Any
disclosure of the sensitive information to a third party can be done only with the consent of
In order to make this law more refined 5 sub-rules were created to ensure full security of data. The US department for Health and Human Services or HHS has also issued a privacy rule which compels the health insurance companies and health providers. This rule goes a step beyond the basic HIPAA rule and gives the consumers right to control and understand how their information is being used.
Of course, health information needs to be shared with the entities within the healthcare and health insurance sector in order to provide proper care and plans to the consumer. With the help of the privacy rule the organizations providing such services to the public can make permitted use of the health information without breaching the privacy of the person seeking care and treatment.
The types of entities which are subject to the privacy rule include the following and are known as covered entities:
Any health care provider, regardless of their size and if they are transferring health information electronically in connection with some specific transactions like – claims, benefit eligibility inquiries, referral authorization requests and other transactions which the HHS has established standards.