Privacy & Security
HIPAA Privacy Rule:
The HIPAA Privacy Rule institutes business processes to protect the use and disclosure of protected health information (PHI). PHI is individually identifiable health information, including demographics, in paper, electronic, or oral form. PHI is not limited to the documents contained in the official medical record. The HIPAA Privacy Rule allows the use and disclosure of PHI for treatment, payment and health care operations without written authorization from the patient. Other uses and disclosures require permission. The compliance date for the HIPAA Privacy rule was April 14, 2003.
HIPAA Security Rule:
The HIPAA Security Rule is designed to provide protection for all individually identifiable health information that is maintained, transmitted or received in electronic form—not just the information in standard transactions. All covered entities were to be in compliance with the HIPAA Security Rule no later than April 20, 2005. The safeguards in the HIPAA Security Rule are divided into three categories: Administrative Safeguards, Physical Safeguards, and Technical Safeguards.
Specific information regarding HIPAA Privacy and Security can be found on the TMA Privacy Office Web site at