HIPAA's Privacy Rule is designed to protect a patient's right to privacy and confidentiality, states the U.S. Department of Health and Human Services. Most health information is covered, including medical records, treatment and care conversations, and insurance and billing information. Some organizations don't need to follow these rules, however.
Any entity that offers health care plans, such as insurance companies, HMOs, Medicare and Medicaid, must abide by the Privacy Rule, states the U.S. Department of Health and Human Services. Most health care providers that transmit information electronically, including doctors, hospitals, psychologists, nursing homes, pharmacies and dentists, are bound by the regulations. Contractors and subcontractors of covered entities, as well as health care clearinghouses, are also subject to the rule. Groups that are not required to comply include life insurance companies, employers, schools, law enforcement departments, and some local and state agencies.