(By Margaret Riley, professor of law, public health sciences and public policy) The Health Insurance Portability and Accountability Act’s Privacy Rule is a federal law prohibiting health care providers, businesses and the people working with them – including administrative staff, laboratories, pharmacies, health insurers and so on – from disclosing your health information without your permission. When people talk about HIPAA, they typically refer to the Privacy Rule provision established in 2003, which is just one part of a broader law initially passed by Congress in 1996.