Download Locations:
Summary:
On December 28, 2000, the Secretary of Health and Human Services (HHS) issued a final regulation to protect the privacy of personally identifiable medical information. Modifications to the privacy rule were published on August 14, 2002. The modified final rule, which covers health care providers, health plans, and clearinghouses, gives patients the right to inspect, copy and, in some cases, amend their medical records. Covered entities are permitted to use and disclose health information for routine health care operations and for various specified national priority activities (e.g., law enforcement, public health, research). They are required to have in place reasonable safeguards to protect the privacy of patient information and limit the information used or disclosed to the minimum amount necessary to accomplish the intended purpose of the use or disclosure. Health plans and providers must obtain a patient's prior written authorization to use or disclose information for most other purposes. Covered entities that fail to comply with the rule are subject to civil and criminal penalties, but patients do not have the right to sue for violations of the law. The health privacy rule does not preempt, or override, state laws that are more protective of medical records privacy. The compliance deadline for most covered entities is April 14, 2003.
