Login
Get a Demo

Live Dec 18: See 2025’s Most Impactful Trainings and What to Prioritize in 2026 – Save Your Seat.

Learning About the HIPAA Privacy Rule

In this chapter, we will learn about one of HIPAA's most important regulations, the Privacy Rule. In 2003, there were some important amendments to the HIPAA law. The Privacy Rule and Security Rule were put in place to provide a guideline for protecting PHI. 

Learning About the HIPAA Privacy Rule

What does the Privacy Rule do?

The Privacy Rule protects all individually identifiable health information held or transmitted by a covered entity or its business associate. Regardless of which form the PHI comes in, whether it be electronic, paper, or oral, it is protected under the HIPAA Privacy Rule.

What does the Privacy Rule do?

What Info is Protected by the HIPAA Privacy Rule?

The HIPAA Privacy Rule protects all personal health information, also known as PHI. This includes demographic information, such as age, race, and gender; physical or mental condition of the individual that relates to the past, present, or future physical or mental condition of an individual; and the payment for or provision of healthcare.

What Info is Protected by the HIPAA Privacy Rule?
Get started today in 5 minutes
How to De-Identify Data

Sometimes healthcare organizations or their business associates may want to share information with each other for business purposes. In order to do so, they must de-identify their PHI. It also is important to note that certain health information maintained by a covered entity is not protected by the Privacy Rule.

1
Using De-Identified Health Information

Health information that is de-identified can be used and disclosed by a covered entity without the patient's authorization. Additionally, wearable devices that track patient information are considered PHI according to HIPAA law, but only if they are sponsored by a covered entity or business associate. If the third party device or app developer was not contracted by a HIPAA covered organization, then the data they collect is not considered PHI.

2
Removing Identifiers

To de-identify data, a covered entity must remove all 18 identifiers, except for vague identifiers such as "age under 90" and "state of residence." In addition, identifiable information alone is not PHI. For example a diagnostic code by itself is not PHI. But a healthcare payment receipt with the patient’s email address is PHI.

3
What exactly is PHI?

PHI excludes health information that is de-identified according to specific standards. PHI is considered to be de-identified when information does not identify an individual or when there is “no reasonable basis to believe that the information can be used to identify an individual.”

What Information is Considered PHI

It is important that you clearly understand what information is considered PHI. Learn about the 18 identifiers that are protected under HIPAA law.

Here are some myths to look out for:

  • -

    Online Data

  • -

    Dates

  • -

    Identification Proof Data

  • -

    Addresses

  • -

    Names

  • -

    Physical Data

  • -

    Contact Info

  • -

    Unique Data

Image for See why 8,000+ businesses love EasyLlama
See why 8,000+ businesses love EasyLlama

Protect Patient Information with HIPAA Privacy Rule Training

HIPAA Privacy Rule Training is a crucial step in ensuring patient information is properly protected. EasyLlama’s training helps healthcare providers, staff and other personnel working with patient information to understand their responsibilities in protecting the information. Our HIPAA course covers topics such as the use and disclosure of protected health information, individual rights, policies and procedures, and the use of appropriate safeguards. It is important for everyone to be aware of their responsibilities under the HIPAA Privacy Rule so that all patient information is kept safe and secure.

Protect Patient Information with HIPAA Privacy Rule Training

Helping over 8,000 organizations create a safer, more productive workplace

logo 1
logo 2
logo 3
logo 4
logo 5
logo 6
logo 7
logo 8
logo 9
logo 10
logo 11
logo 12
logo 13
logo 14
logo 15
logo 16
logo 17
logo 18
logo 19
logo 20
logo 21
logo 22
logo 23
logo 24
logo 25
logo 26
logo 27
logo 28
logo 29
logo 30
logo 31
logo 32
logo 33
logo 34
logo 35
logo 36
logo 37
logo 38
logo 39
logo 40
logo 41
logo 42
logo 43
logo 44
logo 45
logo 46
logo 47
logo 48
logo 49
logo 50
logo 51
logo 52
logo 53
logo 54
logo 55
logo 56
logo 57
logo 58
logo 59
logo 60
logo 61
logo 62
logo 63
logo 64
logo 65
logo 66
logo 67
logo 68
logo 69
logo 70
logo 71
logo 72
logo 73
logo 74
logo 75
logo 76
logo 77
logo 78
logo 79
logo 80
logo 81
logo 82
logo 83
logo 84
logo 85
logo 86
logo 87
logo 88
logo 89
logo 90
logo 91
logo 92
logo 93
logo 94
logo 95
logo 96
logo 97
logo 98
logo 99
logo 100
logo 101
logo 102
Get more from easyLlama
The Most Comprehensive HIPAA Training Solution

EasyLlama’s online training course helps prepare employees to navigate HIPAA. This course provides an in-depth examination of how to respond to a breach of confidential data and the best way to protect your patients. The course covers:

Chapter 1: Introduction and Overview of HIPAA
Chapter 2: The Privacy Rule
Chapter 3: Minimum Necessary Requirements
Chapter 4: How and When to Use PHI
Chapter 5: Individual Rights
Chapter 6: Business Associate Agreement
Chapter 7: The Security Rule
Chapter 8: The Enforcement Rule
Chapter 9: The Breach Notification Rule
Chapter 10: HIPAA Timeline and Updates
Get more from EasyLlama
Discrimination in the Workplace
Discrimination in the Workplace
Learn more
Race Discrimination in the Workplace
Race Discrimination in the Workplace
Learn more
Socioeconomic Diversity in the workplace
Socioeconomic Diversity in the workplace
Learn more
lama
Empower Your People. Strengthen Your Workplace.
Schedule a demo to see how EasyLlama makes training easier, workplaces safer, and business outcomes stronger — all in one platform.
Get a Demo
lamalama