I am often asked the difference between HIPAA Privacy and HIPAA Security. Because HIPAA regulations cover both privacy and security, they go hand in hand, yet they are different.
The Privacy Rule
The HIPAA Privacy Rule focuses on the right of an individual to control the use of his or her personal information. It established national standards to protect an individual's medical records. Protected health information (PHI) should not be divulged or used by others against the individual's wishes. The Privacy Rule covers the confidentiality of PHI, and sets limits on it, in all formats, including electronic, paper and oral. Confidentiality is an assurance that the information will be safeguarded from unauthorized disclosure. The physical security of PHI in all formats is an element of the Privacy Rule.
The Security Rule
The Security Rule focuses on administrative, technical and physical safeguards specifically as they relate to electronic PHI (ePHI). Protecting ePHI from unauthorized access, whether external or internal, stored or in transit, is all part of the Security Rule. Typically ePHI is stored in: