HIPAA Privacy Rule

• This rule was passed in 2003 and is focused on protecting the rights of an individual and their ability to control and access their own Personal/Protected Health Information (PHI).
• Covers any individually identifiable health information that is disclosed in any format whether electronically, on paper or verbally.
• Lays out 18 identifiers that specify the information as PHI.
• Outlines how medical organizations can use the data for necessary functions such as treatment, operations, and payment.
• Patients should have access to the same information about themselves that their doctors do, and they should get some level of authority over where that information goes and who has access to it.

HIPAA Security Rule

• Only falls under the protection of ePHI. ePHI is the electronic version of all things that are considered PHI. 
• Ensures the confidentiality, integrity, and availability of all ePHI that is created, received, maintained, or transmitted.
• Identify and protect against reasonably anticipated threats to the security or integrity of the information.
• Protect against impermissible uses or disclosures of ePHI that are reasonably anticipated.
• Government Agencies, Covered Entities (Health Plans, Doctors, Dentists, Clinics, Pharmacies), and Business Associates are required to implement physical, technical and administrative safeguards.

If you would like general information about HIPAA, click to view the HIPAA page. Or, if you would like information regarding Travis County’s HIPAA Policies, or to report a suspected privacy concern, contact the Travis County Compliance and Privacy Officer.