Live Webinar | 26 June 2025 9AM PT
From Black Box to Boardroom: Operationalizing Trust in AI Governance
Glossary
HIPAA

HIPAA Rules: Privacy Rule

The Privacy Rule standards address the use and disclosure of individuals’ health information—called “protected health information” by organizations subject to the Privacy Rule — called “covered entities,” as well as standards for individuals’ privacy rights to understand and control how their health information is used.

A primary goal of the Privacy Rule is to ensure that an individual’s health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public’s health and well-being. The Rule strikes a balance that permits important uses of information while protecting the privacy of people who seek care and healing. Given that the healthcare marketplace is diverse, the Rule is designed to be flexible and comprehensive to cover the variety of uses and disclosures that need to be addressed.

The HIPAA Privacy Rule establishes national standards for protecting patient medical records and other protected health information (PHI) and the use and disclosure of PHI. Healthcare clearinghouses, providers, and plans that carry out specific medical transactions electronically are subject to the HIPAA Privacy Rule.

The HIPAA Privacy Rule places restrictions and requirements on using and disclosing personal health information without patient consent. It also mandates proper protections to preserve the privacy of such information. Patients also have rights to their health information under the Privacy Rule, including the ability to inspect, acquire a copy of, and ask for corrections to their records.

The initial Act of 1996, its later additions and revisions, including the HIPAA Privacy Rule, and any connected laws must all be complied with by businesses wishing to establish and maintain HIPAA compliance.

Subscribe to our newsletter
Get monthly updates and curated industry insights
Subscribe
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related Terms

ISO 27001 Stage 2 Audit

Also known as the Certification audit, the ISO 27001 Stage 2 Audit is the second step of the two-step external ISO certification process. It follows after the Stage 1 Audit is successfully completed.

Learn More
ISO 27001 Risk Treatment Plan

A risk treatment plan is the second step in the overall risk management process and is usually introduced when the company completes the ISO 27001 risk assessment.

Learn More
ISO 27001 Risk Assessment

Risk Assessment under ISO 27001 aims to help an organization or entity identify, analyze, and evaluate the weaknesses or loopholes present in its information security system (ISMS) and its processes and procedures.

Learn More

Explore more resources

MAS TRM implementation made simple: A practical guide for 2025
Learn More
ISO 27001 change management: Meaning, process, and template
Learn More
MAS TRM implementation made simple: A practical guide for 2025

Learn More

Ready to see what security-first GRC really looks like?

The Scrut Platform helps you move fast, stay compliant, and build securely from the start.

Book a Demo
Book a Demo
Platform
Why ScrutExplore the PlatformSimplify ComplianceStreamline AuditsEmpower Your EmployeesMonitor Cyber RiskAssess Third-Party RiskValidate User PrivilegesManage Asset InventoryDemonstrate TrustAI-Powered GRCIntegrate Your Tech Stack
Frameworks
SOC 2ISO 27001GDPRPCI DSSHIPAANIST AI RMFCustom FrameworksAll Frameworks
Company Stages
StartupGrowthEnterprise
Industry
Enterprise SoftwareFinancial ServicesHealthcareTravel and TourismEducation
Resources
BlogEbooksPodcastSuccess StoriesWebinarsEventsGlossaryFAQs
Hubs
SOC 2 HubISO 27001 HubHIPAA HubExplore All Hubs
Partners
Become a PartnerFind a Partner
Company
CustomersAboutCareersNewsroomSecurity
TrustTerms of UsePrivacy PolicyCookies Policy
© 2024 Scrut Automation. All Rights Reserved.