What Information May Be Released by HIPAA Release

Fundamental Principle

• The fundamental principle of the HIPAA privacy rule is that a covered entity, which is what HIPAA calls a health care provider or hospital, cannot use or disclose a patient's health information unless the privacy rule allows its use and disclosure or the patient authorizes its release in writing.

Type of Information Protected

• The privacy rule only protects "individually identifiable health information" or information that relates to a patient's past, present or future mental or physical condition.

What Information Individually Identifies an Individual?

• A patient can be individually identified with common, everyday information. This includes a patient's name, address, date of birth or Social Security number.

Minimum Necessary

• The privacy rule also limits the use and disclosure of a patient's information to the "minimum necessary" to accomplish the purpose of the use.

Notice of Privacy Rights

• Each covered entity must provide a copy of its privacy policies under HIPAA to each patient with which it has a direct relationship, and try to obtain a written acknowledgment of receipt of those policies.