(a) The HIPAA Privacy Rule (Standards for Privacy of Individually Identifiable Health Information) provides national standards for protecting the privacy of health information. The privacy rule regulates how certain entities, called "covered entities," use and disclose certain individually identifiable health information, called "protected health information" (PHI). PHI is individually identifiable health information that is transmitted or maintained in any form or medium (e.g., electronic, paper, or oral), but excludes certain educational records and employment records.

(b) Protected Health Information Privacy Rule protects certain information that covered entities use and disclose. This information is called "protected health information" (PHI), which is generally individually identifiable health information that is transmitted by, or maintained in, electronic media or any other form or medium. This information must relate to (1) the past, present, or future physical or mental health or condition of an individual; (2) provision of health care to an individual; or (3) payment for the provision of health care to an individual. If the information identifies or provides a reasonable basis to believe it can be used to identify an individual, it is considered individually identifiable health information.

(c) The Town of St. John will maintain the employee's health and medical records in accordance with the requirements of HIPAA.