The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.  The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

The Privacy Rule is located at 45 CFR Part 160 and Subparts A and E of Part 164. 

Click here to view the combined regulation text of all HIPAA Administrative Simplification Regulations found at 45 CFR 160, 162, and 164.

Privacy Rule History

• August 14, 2002 - Modifications to the HIPAA Privacy Rule – Final Rule  (PDF - PDF)
• March 27, 2002 - Modifications to the HIPAA Privacy Rule – Proposed Rule  (PDF - PDF)
• February 28, 2001 - Request for Comments on December 28, 2000, Final HIPAA Privacy Rule  (PDF - PDF)
• February 26, 2001 - Correction of Effective and Compliance Dates of the Final HIPAA Privacy Rule  (PDF - PDF)
• December 29, 2000 - Technical Corrections to the Final HIPAA Privacy Rule  (PDF - PDF)
• December 28, 2000 - HIPAA Privacy Rule – Final Rule  (PDF - PDF)
• November 3, 1999 - HIPAA Privacy Rule – Proposed Rule  (PDF - PDF)
• Learn about the Rulemaking History of the HIPAA Enforcement Rule, 45 CFR Part 160, Subparts C, D, and E. 

Other Privacy Rule Notices

• March 20, 2003 - Notice of Addresses for Submission of HIPAA Health Information Privacy Complaints  (PDF - PDF)
• March 11, 2003 - Notice of Address for Submission of Requests for Preemption Exception Determinations  (PDF - PDF)
• December 28, 2000 - Statement of Delegation of Authority to the Office for Civil Rights   (PDF - PDF)