HIPAA’s Privacy Rule protects the privacy of individuals’ health information while allowing the flow of health information needed to provide high-quality health care. It requires health plans, including small group plans, to safeguard the confidentiality of personal health information and informs individuals about their rights regarding their personal health information.