Health and medical records can be among our most private and personal information. In the United States, privacy laws exist to protect this information, and when privacy violations occur, they provide people with legal options to hold the party accountable.
Medical & Health Privacy Laws & Regulations
A variety of different laws and regulations protect patients’ privacy, both at the state and federal levels. Our medical privacy lawyers represent those whose rights may have been violated under laws such as:
California Confidentiality in Medical Information Act
California’s Confidentiality in Medical Information Act requires that health care providers, HMOs, and other health care contractors obtain patients’ written authorization before disclosing medical information, with some exceptions. It also requires that these entities establish procedures to ensure the confidentiality of patient medical records and health information in their possession and that they properly dispose of any medical record information in a way that preserves patient confidentiality.
Health Insurance Portability and Accountability Act (HIPAA) of 1996
HIPAA is probably the best known law concerning patient privacy. The Act establishes the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect the confidentiality of identifiable information used to analyze patient safety events and improve patient safety.
American Recovery and Reinvestment Act (ARRA) of 2009
The ARRA expands on HIPAA privacy and security laws, authorizing increased civil monetary penalties for HIPAA violations for covered entities (i.e., health care providers, plans, clearinghouses, and their business associates). The ARRA defines a breach of patient health information as the unauthorized acquisition, access, use, or disclosure of patient health information.
FTC Health Breach Notification Rule
The Federal Trade Commission (FTC) has established the Health Breach Notification Rule, which requires certain businesses not covered by HIPAA to notify their customers and others if there is a breach of unsecured, individually identifiable electronic health information. Under the FTC’s Rule, companies that have had a security breach must: 1) notify everyone whose information was breached; 2) notify the FTC; and 3) notify the media, in some cases. Businesses that violate the Health Breach Notification Rule may be subject to a civil penalty of up to $16,000 per violation.
Questions about Medical Privacy Laws?
Speak with one of our medical privacy lawyers by filling out the form to the right.