The privacy final rule was published in the Federal Register, December 28, 2000. This rule became effective April 14, 2001. Providers, health plans and clearinghouses need to be compliant by April 14, 2003.

Individuals have the right to know what their privacy rights are and how protected health information may be used and disclosed. The Notice of Privacy Practices (NPP) provides individuals with this information.

Privacy provisions of the federal law, the Health Insurance Portability and Accountability Act (HIPAA), apply to health information created, maintained or received by health care providers, health plans, and health care clearinghouses who engage in certain electronic transactions.

The Department of Health and Human Services (DHHS) has issued the regulation, "Standards for Privacy of Individually Identifiable Health Information," applicable to individuals and entities covered by HIPAA.