Rural hospitals' strategies for achieving compliance with HIPAA privacy requirements.

and Accountability Act (HIPAA) directed the Department of Health and Human Services (DHHS) to adopt uniform national standards to protect the confidentiality of health information. HIPAA requires hospitals and other covered entities to take steps to safeguard against the misuse of individually identifiable health information and to limit the sharing of this information. Health care consumers are granted rights to control how their health information is being used and disclosed. To ensure that the privacy rule does not impose an undue burden on these small providers that may not need and/or cannot support complex procedures, DHHS premised the privacy rule on the concept of scalability. Scalability refers to the expectation that covered entities implement privacy procedures that are appropriate to the organization’s size, available resources, existing technology and organizational needs. Thus, while standards are uniform, hospitals have flexibility to adopt privacy procedures that are appropriate for their individual circumstances.