The Privacy Rule standards address the use and disclosure of individuals’ health information—called “protected health information” by organizations subject to the HIPAA Privacy Rule — called “covered entities,” as well as standards for individuals’ privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties. – HHS