Privacy Law: Need, Importance, the HIPAA Privacy Rule


The term ‘privacy’ has long been a matter of high concern and is of great importance to co-existence in society. Privacy enables individuals to withhold personal information from being leaked or discussed in public. This information may include any personal data, including their health details, their personal financial accounts, their correspondence and their choices: just about anything that belongs and relates to a particular individual and no one else.

Since privacy has acquired a place among some of the most crucial laws of contemporary times (Rotenberg M., 2000), the importance of privacy has grown globally, and almost all the countries of the world have included privacy as a legal right in their constitutions.

However, it is very difficult to define the right to privacy (Michael J., 1994), and there are numerous variations of the term ‘privacy’ depending upon the context in which it is used. Privacy has been perceived and expressed diversely by different individuals. Some authors consider privacy to be the boundary which bars society from interfering in an individual’s personal affairs (Davies S., 1996). Others have stressed the importance of privacy, stating that in some way all of the constitutional rights of a person are “aspects of the right to privacy” (Fernando V., 1981). In his review, Edward Bloustein (1964) categorized privacy as a vital facet of the human personality, as it safeguards the individuality of a person and his honor, liberty and self-esteem. No matter what privacy implies to different individuals, it is clear that it is an issue of crucial importance and an important means of peaceful co-existence in society.

Facets of privacy

The Privacy International website segregates privacy into four basic types.

The first type is the privacy of information, which comprises the rules and regulations for the compilation and management of important personal details of individuals, relating to their financial dealings and their health and medical information, held by private organizations or government agencies. The privacy law relating to this personal information is known as ‘data protection’.

The second category of privacy is physical privacy, which involves the protection of individuals against certain tests and procedures carried out without their permission or knowledge. These tests include genetic tests, drug testing and other medical tests for which the consent of the individual is entirely crucial.

The third aspect of privacy relates to communication, which includes the safeguarding of the various forms of communication of individuals, such as mail, telephone conversations and records, e-mails and the various other types of communication.

Territorial privacy is the fourth aspect of privacy and relates to the marking of boundaries and barriers in the physical territories of individuals, which include their residences, their workplaces and any other such terrains which are accessed by them. These terrains cannot be intruded upon by any kind of search, video scrutiny or even ID checks without prior permission by the concerned governmental agencies and offices.

The need and importance of Privacy Laws

Privacy has gained the status of a fundamental right and has become an important law in the United States of America. Although the inclusion of the law is relatively recent, there are historical references to legal privacy rights in Alan Westin’s Privacy and Freedom and in The Right to Privacy (1995) by Ellen Alderman & Caroline Kennedy. In keeping with the privacy law, the Supreme Court of America offers constitutional safeguarding of the health information of individuals, giving individuals a right to privacy of personal health information and thereby prohibiting the disclosure of any such information by health organizations.

This right, however, is not absolute; for instance, there is no prohibition on the demographic disclosure of infectious diseases to avert more infections. Since most people believe that they should have exclusive rights to their private health information, the HIPAA act has come into force. It protects the personal health information rights and the sensitive information which many health organizations hold by virtue of the treatment and services they offer to patients in order to treat them or to better their health.

Many authors and writers have argued that the right to one’s private and personal information is an important one, and that the revelation of people’s private information and data can harm their personal lives and lead to social exploitation (Westin A., 1967). They maintain that the liberty to control and disclose personal information belongs only to the concerned person, and that the disclosure of the same as to “when, how, to whom, and where” (Smith, 1997) is a matter of individual choice.

The right to privacy has also been defined as the right of an individual to “be alone” (Brandeis & Warren, 1890).

Several contemporary authors have stressed the need for and importance of privacy, stating that the right to privacy is what enables individuals to keep “certain facts to ourselves if we so choose”, thereby making us “civilized” (Alderman & Kennedy, 1995).

The right to privacy in the modern world has also been determined as a personal choice of individuals or groups of individuals or even organizations to decide “when, how and to what extent” their personal information is “communicated” (Cavoukian & Tapscott, 1995).

Thus we see that concern about privacy, and individuals claiming rights to the privacy of their personal information, is not a contemporary issue but one which has been a cause of concern for many decades. Although the government and the constitution have granted privacy the status of a law only recently, the arguments regarding the screening of personal information and data by organizations are ancient. It is therefore important to use all personal information in a responsible manner and only in ways specified by the constitution of the nation.

Consumer Privacy

Personal information or data relating to persons can be particularly beneficial to businesses and collaborations, as it can clearly define and denote the needs and choices of consumers. The data can also enable businesses to develop and improve their products and goods using the facts and statistics they hold in the form of people’s personal information. To obtain this information, corporations are constantly trying to get hold of the personal information of their potential customers, which would greatly benefit their business and the sale of their products. This not only enables them to provide improved products and services but also to compete with their competitors in the race to retain their clients. Thus, knowledge gives business corporations the edge over their competitors in satisfying and retaining their consumers, through the constant innovations and improvements which they undertake by way of the valuable information they possess. This information which business houses possess regarding their customers may sometimes be leaked or spread and could harm the person’s self-respect, hurting his pride. In view of this, there is a privacy law, an act to protect the personal information of individuals and to prohibit its use in such a way that it causes harm to a person. This law is known as the Privacy Law.

Personal information or any kind of data could also enable certain crimes to take place. For example, “identity theft” is used by criminals to assume the identity of the person whose personal information they have acquired. An example of an act passed due to a crime committed through the acquisition of a driver’s license is the ‘Drivers Privacy Protection Act’. There are several cases in which heinous crimes have been committed using the personal information of the targets, and in order to avoid this, the Privacy act has been put into force.

The prime purpose of the Privacy Law is the protection of personal information and data so that it cannot be used for purposes which can cause any kind of physical or emotional harm to the individuals.

The Privacy Law

The Privacy law is actually a Privacy act, part of the Public Law, which was passed on the 31st of December 1974 by the Congress of the United States of America to prevent the exploitation of privacy. The privacy law is for the prevention of abuse of the privacy of any individual (5 USC s. 552a, 2) and prohibits the revelation of the records collected in the database of any company without the prior written consent of the individual.

According to the ‘US CODE: Title 5,552a. Records maintained on individuals’, the privacy law allows for several purposes, and the data and private details of individuals may be used for certain specified purposes by the ‘Bureaus of the Census’ and ‘Labor Statistics’, strictly for statistical reasons (US CODE: Title 5,552a. Records maintained on individuals). The United States government agencies also have the power to use the database of individuals for routine purposes as well as for archival uses (US CODE: Title 5,552a. Records maintained on individuals). The private individual database can additionally be used by the government for the purpose of law enforcement, along with congressional investigations and several other administrative purposes (US CODE: Title 5,552a. Records maintained on individuals).

However, the government of the United States of America makes it mandatory for all government agencies to avert the unlawful disclosure of personal records by means of strict security systems at the governmental level.

The ‘Standards for Privacy of Individually Identifiable Health Information’ (“Privacy Rule”) has instituted national standards with the aim and purpose of safeguarding the health information of individuals. In accordance with this, the United States Department of Health and Human Services (HHS) has put into practice the HIPAA (Pub. L. 104-191). According to this Privacy Rule, the health information of individuals has to be protected by the concerned institutes, and the information and data cannot be used except for the specified purposes of providing optimal health care practices to the concerned persons.

The HHS has a special office, the OCR (Office for Civil Rights), which is responsible for the execution and implementation of the Privacy Rule. The office also monitors the compliance of the various organizations and the financial penalties levied upon those who are charged and found guilty (United States Department of Health and Human Services).

The HIPAA Privacy Rule

HIPAA is an abbreviation for the ‘Health Insurance Portability & Accountability Act’, which came into force on the 21st August 1996 (Public Law 104-191, the Kennedy Kassebaum Act). This act is also known as the ‘Kennedy-Kassebaum Act’. The HIPAA act was enacted to improve effectiveness in the delivery of healthcare by regulating the exchange of data and information through the electronic medium. The act makes it mandatory for the health insurance sector to protect the privacy of the health information which it possesses about the individual, whether past, present or future, by setting up and implementing standards for data protection. The law includes guidelines for the simplification of the administrative functions of the health care system and the standardization of the “electronic transmittal of billing and claims information”, whereby the electronic exchange of data would not augment the potential for the misuse of the health information of individuals but would on the other hand augment the secrecy and the privacy of the available health data of the concerned persons, which would never be disclosed under certain specified circumstances.

Before the passing of the HIPAA there was a lack of uniformity and standardization of the rules and conventions between the different states or even the different organizations. Thus, there was absolute confusion regarding the laws to be followed if one organization functioned in more than one state, which put the personal health information of individuals in jeopardy. The HIPAA was instrumental in providing uniformity and consistency in the conventions and set of laws which had to be adhered to by all health organizations, irrespective of which state they functioned in.

The HIPAA lays down certain rules and laws which are very clear and lucid. For instance, when a person is being transferred to another institute, organization or office, the only obligation is to mention the individual’s medical information and not the financial details. Conversely, during the billing formalities of the individual, only the financial details are to be considered; as such, there is no need to provide the medical history of the individual. This reduces the risk of exposure of the individual to a great extent. However, the personal medical details of the individual must not be accessible to any person, a requirement which is seldom adhered to in most organizations.

If any firm, office or organization is found or proved not to be adhering to the rules and regulations of the HIPAA with regard to personal health information, the office of the HIPAA has the right to levy heavy fines and penalties upon the guilty party.

Essentially, the HIPAA affects all the national organizations and offices functioning in the field of health care and all the offices and industries related to it. These additional offices include the insurance sector and health practitioners, including doctors, along with all those who are directly or indirectly associated with them in their business functions. Thus, HIPAA has an effect on health organizations including hospitals, private practitioners and their clinics, business consultants for the health care industry, accountants, billing staff and companies, and also medical transcription businesses and their personnel.

The HIPAA is essentially a law pertaining to those organizations or offices which use electronic transfer for the transfer of data and information. The HIPAA does not apply to those offices or persons who do not use electronic transfer. However, the size of the institution is irrelevant when adhering to the HIPAA; irrespective of size, institutions must follow the stringent rules and lawfully comply with all the regulations.

The medical industry is a particular focus of attention in the rules of the HIPAA, as it deals directly with the sensitive and personal health information of the patient. If a health agency or organization holds data or personal health information of a person which it transfers by electronic means, there are stringent security regulations to be complied with. For instance, if a doctor has passed on individual information to the billing department, from where it was leaked, the doctor will be responsible and punishable for the leak, rather than only the billing department. Both of the parties will have to bear the huge penalty imposed by the office of the HIPAA. It is important to note here that the employee of the billing department or any other firm will not be held responsible or liable to penalization by the office of the HIPAA; rather, it will be the ‘Business Associate’, which is the company, office or firm from where the information has been leaked or spread.

Penalties by the HIPAA

The HIPAA office levies hefty penalties on the guilty parties for non-compliance. These penalties are in the form of fines which could be up to twenty-five thousand dollars for many infringements in a single calendar year. The fines and penalties could also get more severe, reaching up to two hundred and fifty thousand dollars, with or without imprisonment for nearly ten years, if the party is found guilty of deliberately using the health information of an individual to his benefit or for any other purpose. Thus, the HIPAA is a strict law which includes severe penalties for those found guilty of breaching it. The punishments are not restricted to fines alone but also include imprisonment of up to several years in case of proved guilt.

The right to privacy has been a traditionally and culturally important right. There is evidence of this right in the Holy Scriptures, including the Koran and the Teachings of Prophet Mohammad. The Holy Bible also refers to individual privacy in many places. There is mention of privacy in the Jewish law and in the ancient Chinese and Greek religions. Thus, this right must be respected and protected in order to maintain a civilized society.


Alderman E. & Kennedy C., 1995. The Right to Privacy. Publisher: Knopf NY.

Bloustein E., 1964. Privacy as an Aspect of Human Dignity, 39 New York University Law Review 971.

Brandeis L. & Warren S., 1890. “The Right To Privacy,” 4 Harv. L. Rev. 193.

Cavoukian A. & Tapscott D., 1995. Who Knows: Safeguarding Your Privacy in a Networked World. Random House.

Davies S., 1996. Big Brother: Britain’s Web of Surveillance and the New Technological Order 23.

Fernando V., 1981. “Legal Personality, Privacy and the Family”, Henkin (Ed), The International Bill of Rights (Columbia University Press).

Michael J., 1994. Privacy and Human Rights 1. UNESCO.

Privacy International website, 2008. Web.

Privacy policy website, 2008. Web.

Public Law 104-191, aka the Kennedy Kassebaum Act, retrieved from The HIPAA privacy.

Rotenberg M., 2000. Protecting Human Dignity in the Digital Age. UNESCO.

Smith J. M., 1997. Private Matters: In Defense of the Personal Life.

The HIPAA privacy. Web.

The United States Department of Health and Human Services. Web.

US CODE: Title 5,552a. Records maintained on individuals, retrieved from website of ‘Legal Information Institute’.

Westin A., 1967. Privacy and Freedom.
