This document discusses HIPAA privacy and security rules for protecting patient health information. It outlines that the HIPAA Privacy Rule provides protections for personal health information and gives patients rights over that information. The Security Rule specifies administrative, physical and technical safeguards for electronic protected health information. The document also notes that health plans, most healthcare providers, and healthcare clearinghouses are considered covered entities that must follow HIPAA regulations. These covered entities must implement safeguards to protect patient information and limit access to only those who need it to do their jobs. Employees are responsible for upholding HIPAA and can be terminated for violations.