Picture1Under the Privacy Rule, HIPAA covered entities (health care providers and health plans) are required to provide individuals, upon request, with access to their protected health information (PHI) in one or more “designated record sets” maintained by or for the covered entity.

Covered entities are also required to protect the individual’s PHI from unauthorized disclosure.