The major goal of the HIPAA (Privacy Rule) is to assure that individuals health information is properly protected while allowing the flow of health information which is needed to provide and promote high quality health care and to protect well being of public. The rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing. Given that the health care marketplace is diverse, the rule is designed to be flexible and comprehensive to cover a variety of uses and disclosures that need to be addressed keeping information protected.
The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."
“Individually identifiable health information” is information, including demographic data, that relates to:
the individual’s past, present or future, physical/mental health condition,
the provision of health care to the individual, or
the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.
Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).