HIPAA provides privacy protection for individual patients. HIPAA covers all medical information, demographic information or anything that can be used to identify a patient. Items that are protected include address, name, birth date, social security number, to name a few. Patients also must be notified of their rights under the HIPAA law.
A patient's information may be deidentified. In order for it to be deidentified, all data that could identify the patient has to be removed. The deidentified data then can be used for the purposes of research or public health activities.
Otherwise, in order to disclose a patient's health information, the health care organization must have the patient's written consent.