Skip Navigation

Health Information Privacy

The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety. 

 

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security and Breach Notification Rules

Learn about the Rules' protection of individually identifiable health information, the rights granted to individuals, breach notification requirements, OCR’s enforcement activities, and how to file a complaint with OCR. 
 

 

 

The Patient Safety and Quality Improvement Act of 2005 (PSQIA) Patient Safety Rule

Learn about the Patient Safety Rule's protection of confidential patient safety work product, the permitted disclosures of patient safety work product, OCR's enforcement activities, and how to file a complaint with OCR.