Seven Guiding Principles of HIPAA Privacy Rules

 
Quality and Availability of Care: Nothing in the proposed HIPAA rules should interfere in any way with the delivery of quality health care or threaten the financial stability of health care organizations.

 

Notice: The Patient has a right to know what information is maintained about them, and how that information may be used or disclosed.

 

Minimum Necessary: The workforce of health care organizations should access and use only the minimum necessary information about patients to accomplish their assigned duties.

 

Onward Transfer: The Patient has an ownership interest in their confidential information, and has a right to control subsequent uses and disclosures of their confidential information. They also have the right to request an accounting of all such disclosures.

 

Data Security/Privacy/Integrity: Those who store, process, transmit or use confidential patient information have an obligation to reasonably protect its confidentiality and to prevent unauthorized alterations.

 

Access: The Patient has a right to inspect their confidential information to ensure its accuracy and completeness, and to request that erroneous information be corrected.

 

Enforcement: The Patient has a right to redress of privacy violations. Health care organizations must reasonably prevent and detect the abuse of patient information, mitigate further loss, and sanction offenders.