Standards for privacy of individually identifiable health information; proposed rule.

The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule/current rule) took effect on April 14, 2001. As required by the Health Insurance Portability and Accountability Act (HIPAA), the Privacy Rule covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions electronically. Most covered entities must comply with the Privacy Rule by April 14, 2003. Small health plans have until April 14, 2004 to comply with the Rule. The Privacy Rule creates national standards to protect individuals' personal health information and gives patients increased access to their medical records. The Bush Administration is committed to strong patient privacy protections and continues to take steps to protect personal health information while maintaining access to quality health care. To ensure that the provisions of the final rule provide strong privacy protection without hindering access to health care, the Department of Health and Human Services is proposing modifications to the Privacy Rule.