Patient’s Guide to HIPAA – Learning About HIPAA: What are Fair Information Practices and How Do They Relate to HIPAA?







FAQ 10: What are Fair Information Practices and How Do They Relate to HIPAA?

If you read the HIPAA privacy rule – and stayed awake while doing it – the rule would appear to be a welter of detailed and uncoordinated provisions. It actually has a structure, but that structure is difficult to appreciate unless you know about Fair Information Practices, or unless you read the original preamble to the rule from 2000.

The rule implements Fair Information Practices (FIPs), an established set of principles for addressing concerns about information privacy. FIPs are especially significant because they form the basis of many privacy laws in the United States and, to a much greater extent, around the world. Understanding FIPs makes it easier to make sense of the HIPAA privacy rules.

The eight FIPs generally recognized are:

1) Openness;

2) Use Limitation;

3) Purpose Specification;

4) Collection Limitation;

5) Data Quality;

6) Security;

7) Access and Correction; and

8) Accountability.

We could discuss FIPs here in more detail, but it would be a distraction.

Different versions of FIPs exist, and the actual application of FIPs to any set of personal records can be complex, variable, and controversial. We just want you to know that there are basic principles of information privacy that HIPAA mostly implements. You can read a short introduction to FIPs here: Understanding FIPs is not essential to understanding HIPAA, but it may help some people. But if you are interested, you can find a short history of FIPs at



Roadmap: Patient’s Guide to HIPAA: Part 1: Learning About HIPAA (FAQ 10 of 65)
