The HIPAA Privacy Rule
The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
The Privacy Rule is located at 45 CFR Part 160 and Subparts A and E of Part 164.
Click here to view the combined regulation text of all HIPAA Administrative Simplification Regulations found at 45 CFR 160, 162, and 164.
Privacy Rule History
- December 10, 2020 - Modifications to the HIPAA Privacy Rule to Empower Patients, Improve Coordinated Care, and Reduce Regulatory Burdens - Proposed Rule*, **
- December 14, 2018 - Modifying the HIPAA Rules to Improve Coordinated Care - Request for Information (https://www.govinfo.gov/content/pkg/FR-2018-12-14/pdf/2018-27162.pdf)
- January 6, 2016 - HIPAA Privacy Rule and the National Instant Criminal Background Check System (NICS) - Final Rule
- February 6, 2014 - Patients' Access to Test Reports Under the HIPAA Privacy Rule and the Clinical Laboratory Improvement Amendments of 1988 (CLIA) Program - Final Rule
- January 7, 2014 - HIPAA Privacy Rule and NICS - Proposed Rule
- April 23, 2013 - HIPAA Privacy Rule and NICS - Advance Notice of Proposed Rulemaking
- January 25, 2013 - Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Genetic Information Nondiscrimination Act, and Other Modifications - Final Rule (The "Omnibus HIPAA Final Rule")
- September 14, 2011 - Patients' Access to Test Reports Under the HIPAA Privacy Rule and CLIA Program - Proposed Rule
- May 31, 2011 - HIPAA Privacy Rule Accounting of Disclosures Under the HITECH Act - Proposed Rule (https://www.govinfo.gov/content/pkg/FR-2011-05-31/pdf/2011-13297.pdf)
- July 14, 2010 - Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the HITECH Act - Proposed Rule
- May 3, 2010 - HIPAA Privacy Rule Accounting of Disclosures Under the HITECH Act - Request for Information (https://www.govinfo.gov/content/pkg/FR-2010-05-03/pdf/2010-10054.pdf)
- October 7, 2009 - HIPAA Privacy Rule; Modifications Under the Genetic Information Nondiscrimination Act - Proposed Rule
- August 14, 2002 - Modifications to the HIPAA Privacy Rule - Final Rule (PDF)
- March 27, 2002 - Modifications to the HIPAA Privacy Rule - Proposed Rule (PDF)
- February 28, 2001 - Request for Comments on December 28, 2000, Final HIPAA Privacy Rule (PDF)
- February 26, 2001 - Correction of Effective and Compliance Dates of the Final HIPAA Privacy Rule (PDF)
- December 29, 2000 - Technical Corrections to the Final HIPAA Privacy Rule (PDF)
- December 28, 2000 - HIPAA Privacy Rule - Final Rule (PDF)
- November 3, 1999 - HIPAA Privacy Rule - Proposed Rule (PDF)
* This HHS-approved document is being submitted to the Office of the Federal Register (OFR) for publication and has not yet been placed on public display or published in the Federal Register. This document may vary slightly from the published document if minor editorial changes are made during the OFR review process. The document published in the Federal Register is the official HHS-approved document.
** People using assistive technology may not be able to fully access information in this file. For assistance, contact the HHS Office for Civil Rights at (800) 368-1019, TDD toll-free: (800) 537-7697, or by emailing OCRMail@hhs.gov.
Other Privacy Rule Notices
- March 20, 2003 - Notice of Addresses for Submission of HIPAA Health Information Privacy Complaints (PDF)
- March 11, 2003 - Notice of Address for Submission of Requests for Preemption Exception Determinations (PDF)
- December 28, 2000 - Statement of Delegation of Authority to the Office for Civil Rights (PDF)
Other Administrative Simplification Rules
Frequently Asked Questions for Professionals - Please see the HIPAA FAQs for additional guidance on health information privacy topics.