Privacy Regulations

Privacy and confidentiality of health information had been protected by makeshift federal
and state legislation until the 1970s when The Privacy Act of 1974 was established and
made into law.
The Privacy Act of 1974, gave people control over the information that was collected about
them by government agencies. The regulation gave people the right to find out what
information has been collected about them, to see and have a copy of that information, to
correct and amend the information and have control as to what information can be
disclosed to other parties.
More recent legislation is the Standards for Privacy of Individually Identifiable Health
Information, known as HIPAA was enacted in 1996. HIPAA establishes regulations for the
security of health information that are kept by health plans, clearinghouses, which store
health information and health care providers that have interoperability to transmit
information electronically. With the enactment of HIPAA, organizations must establish
policies and put into place procedures to stay in compliance with legislation.

Privacy Laws & Regulations

The Privacy Rule -HIPAA provides baseline requirements to reserve the complete confidentiality of protected health
information(PHI) regardless of type of health record, paper, hybrid or electronic.
Protects individuals health records and other individually recognizable health information created, retained, or
received by or on behalf of covered entities and their business associates
Protects individuals PHI by regulating the circumstances under which covered entities may use and disclose
protected health information
Provides final privacy provisions of those individuals who are treated in federally and state assisted drug and alcohol
programs for alcohol and drug abuse, sexually transmitted diseases or mental health disorders
State legislation may have special privacy requirements which work together with HIPAA laws and regulations
regarding insurance, workers compensation, public health or research information covered under this provision
Covered entities are required to have contracts or other arrangements in place with business associates that perform
functions for or provide services to, or on behalf of, the covered entity
Gives individuals rights with respect to their protected health information, including rights to inspect and obtain a
copy of their health records and to request corrections
Federally operated healthcare organizations such as VA Administration hospitals and Indian Health Services as well
as their record systems operation pursuant to a contract with the federal agency they are bound to the provisions of
The Privacy Act of 1974 and the Standards for Privacy of Individually Identifiable Health Information Act

Overview
Safeguarding the privacy, security, and confidentiality of personal health
information has been a important principle for the health information
management (HIM) profession during their 80 year history. Their challenge of
maintaining the privacy and security of patient information today, continues to
become more difficult as information becomes increasingly interchangeable in
electronic systems and has legislation and regulations change. This task
requires more responsibility due to the changing regulatory environment. HIM
professionals will ensure they use their knowledge to protect health
information and guarantee the right information is presented to the right
people at the right time.

Sources
Hughes, Gwen (2002 Nov) AHIMA Practice Brief Laws and Regulations
Governing the Disclosure of Health Information
Retrieve from:
http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_016464.hc
sp?dDocName=bok1_016464