Various laws protect patients' medical information.
Chances are that at some point during a doctor's appointment or hospital visit, you've wondered what happens to all of your medical information, and whether it ends up in some giant storage closet or a trash dumpster out back. Patients may feel at ease knowing that their medical information is protected by federal law and, in some instances, state law as well.
Health Insurance Portability and Accountability Act
HIPAA is a federal law that, among other things, requires doctors to protect the privacy and security of patients' individually-identifiable medical records. HIPAA's Security Standards require doctors to store patients' electronic medical information using procedures and mechanisms that ensure confidentiality and integrity of the information, notes the American Medical Association. This law requires that health care providers have administrative, physical and technical safeguards in place to protect health information about patients. While the law doesn't specify what storage technology health care providers must use, it does specify that they must secure personal information.
American Recovery and Reinvestment Act
The American Recovery and Reinvestment Act amended and expanded various HIPAA regulations. One amendment to the law instituted a regulation that took effect on September 23, 2009 requiring that all health care providers notify patients if security breaches result in their information becoming vulnerable to viewing or access by unauthorized individuals. Additionally, this law prohibits the unauthorized sale of medical information and requires that covered entities maintain records of personnel that have access to medical information. It also requires that these entities set policies to ensure that access to sensitive information is restricted and use data encryption technology to further ensure records are kept private.
Public Health Service Act
Any patient information relating to substance abuse and chemical dependency and related treatment is protected by the Public Health Service Act's Section 543, referred to as Substance Abuse Confidentiality Requirements. This law and its implementing regulations supersede HIPAA and all state laws relating to medical records, notes the Electronic Privacy Information Center. It requires that information disclosures related to substance abuse or chemical dependency be authorized in writing by the patient.
State Privacy Laws
Many states have laws that cover various areas related to the confidentiality of medical information, including how medical records are stored and who can access them. Some states have also passed laws related to the confidentiality of medical records of individuals with certain types of conditions, such as HIV/AIDS, according to the Electronic Privacy Information Center. Federal laws typically supersede state laws, unless state laws are more stringent than the federal ones. However, covered entities are required, whenever possible, to be in compliance with both state and federal privacy laws.
Tags: medical information, medical records, requires that, care providers, health care
