625 HIPAA Privacy Training
General Rules

The Security Rule defines "confidentiality" as ensuring e-PHI isn't disclosed or available to unauthorized individuals.

A manila folder with the words HIPAA and CONFIDENTIAL stamped on it.
Confidentiality - e-PHI is not available or disclosed to unauthorized persons.

The confidentiality requirements of the Security Rule align with the Privacy Rule's prohibitions against improper uses and disclosures of PHI.

Let's take a look at a scenario about disclosing information to others inappropriately.

Scenario

Situation: Joan works in a cardiology practice. The physicians in the practice admit patients to a local hospital. Joan schedules a hospital admission for a friend, Nell, who attends the same church as Joan. At church the following Sunday, several members ask Joan if she knows anything about Nell's condition. How should Joan respond?

Response: Joan must not disclose any information about Nell obtained as a result of her work in the cardiology practice, not even to Joan's family or friends. Joan should politely inform the concerned church members that federal laws prohibit the sharing of confidential information about patients without their expressed permission.

Knowledge Check

Choose the best answer for the question.

3-4. The Security Rule defines "confidentiality" to mean that e-PHI is _____.