The HIPAA Privacy Rule provides federal standards to safeguard the privacy of personal health information and gives patients an array of rights with respect to that information, including rights to examine and obtain a copy of their health records and to request corrections. The U.S. Department of Health & Human Services' (HHS) Office of Civil Rights (OCR) oversees compliance with HIPAA privacy requirements.
For more background, read AMA’s letters on this topic.
- HIPAA privacy practice notice (DOCX)
- HIPAA privacy request form (DOC)
- HIPAA associate agreement (DOCX)
- HHS guidance on HIPAA Privacy Rule
- Individual rights on accessing health information
- Incidental uses of Privacy Rule
- Minimum necessary standard related to the Privacy Rule
- Personal representatives in relation to HIPAA Privacy Rule
- Disclosing health information to business associates
- Disclosures related to HIPAA
- How health information is used for marketing purposes
- Access to health information for public health reasons
- How health information is used for research purposes
- Disclosure for workers' compensation
- Notifying individuals about privacy practices for health information
- Government access to health information
- Access to health information of the deceased
- Disclosing student immunization information
- Defining appropriate marketing communications for individuals
- Use of individual data in health information technology
- Patient health information rights (PDF)
This resource is provided for informational and reference purposes only and should not be construed as the legal advice of the American Medical Association. Specific legal questions regarding this information should be addressed by one's own counsel.