The Carosh Privacy Assessment focuses on the Privacy Rule requirements contained in 45 CFR Part 160 and Part 164 Subparts A and E.  The Privacy Rule establishes national standards to protect individual’s medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically along with their Business Associates.

The Privacy Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the use and disclosure of the information without patient authorization. The rule also gives patients personal rights over their health information, including rights to examine and obtain copies of their health records, and to request corrections to their medical record.