The Health Insurance Portability and Accountability Act (HIPAA) protects patient data of all forms from unauthorized access. Understanding and following HIPAA is vital to secure use of EHRs and is required by law.

• Health Insurance Portability and Accountability Act (HIPAA) [PDF – 498 KB]
• Notice of Proposed Rulemaking (NPRM): Modifications to the HIPAA Privacy, Security and Enforcement Rules [PDF – 338 KB]

The Department of Health & Human Services (HHS) Office for Civil Rights (OCR) administers privacy- and security-related issues, including HIPAA violations.

• HHS Office for Civil Rights - HIPAA

The Centers for Medicare & Medicaid Services (CMS) uses the OCR standards for Privacy and Security.

• CMS Security Standard
• Comparison to 42 CFR Part 2 (Confidentiality of Alcohol and Drug Abuse Patient Records)

The 2002 CFR Title 42 on public health is available for reference on the confidentiality of alcohol and drug abuse patient records. The CFR includes the chapter that outlines CMS regulations.

• 2002 CFR Title 42 - Public Health Part 2 - Confidentiality of Alcohol and Drug Abuse Patient Records

The Privacy Act of 1974, 5 U.S.C. § 552a, establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies. The Privacy Act requires that agencies give the public notice of their systems of records by publication in the Federal Register.

• The Privacy Act of 1974
• Family Educational Rights and Privacy Act (FERPA)
• Gramm-Leach-Bliley Act [PDF – 444 KB]