Before the HHS privacy rules HIPAA law was created to protect the personal and health
information of common people from being compromised by unlawful elements. Any
disclosure of the sensitive information to a third party can be done only with the consent of
the consumer.
In order to make this law more refined 5 sub-rules were created to ensure full security of
data. The US department for Health and Human Services or HHS has also issued a privacy
rule which compels the health insurance companies and health providers. This rule goes a
step beyond the basic HIPAA rule and gives the consumers right to control and understand
how their information is being used.
Of course, health information needs to be shared with the entities within the healthcare and
health insurance sector in order to provide proper care and plans to the consumer. With the
help of the privacy rule the organizations providing such services to the public can make
permitted use of the health information without breaching the privacy of the person seeking
care and treatment.
The types of entities which are subject to the privacy rule include the following and are
known as covered entities:
Healthcare Providers
Any health care provider, regardless of their size and if they are transferring health
information electronically in connection with some specific transactions like – claims, benefit
eligibility inquiries, referral authorization requests and other transactions which the HHS has
established standards.
Health Plans