The Health Insurance Portability and Accountability Act (HIPAA), enforced by the Office for Civil Rights since 1996, establishes national standards for protecting the privacy of individuals' identifiable health records and medical information. These measures distinguish between the primary and secondary purposes of individuals' health records and are especially concerned with protecting patient privacy when health records are utilized for any secondary purpose.
Contents of Health Records
Health records contain individual medical information including personal identifying information, contact information, past treatments, check-up and health test results, chronic illnesses, history of family illnesses, medical allergies, prescribed medications, and relevant lifestyle information.
The primary purpose of the health record refers to the purposes for which the information was collected to begin with. Such purposes typically include the provision of adequate and appropriate medical care requested by the patient or deemed necessary for the patient based on the record's contents. These records are necessary on this primary level in order to keep track of important clinical information that any future medical professional may find useful in encounters with the same patient.
Secondary purposes of patients' health records refer to any purpose beyond the primary purpose, including consensual or lawful use of the information to investigate unlawful activity, to prevent or decrease individual or public health threats, or for public health or safety research or statistical analysis. Efforts are also underway in the United States, the United Kingdom and Australia to increase the quality and consistency of medical records for more effective use in public health research. Such research would boost the quality of these countries' medical services and overall public health, including areas of genetic impacts, disease risk factors, possible interventions, drug side effects, drug safety surveillance, treatment effectiveness, decreased mortality rates, institutional performance tracking and clinical efficiency.
Health Information Privacy Protection
In 2000, the HIPAA Privacy Rule emerged to specify nationwide standards for the protection of personal health information in general.
In 2003, the HIPAA Security Rule finalized nationwide standards for securing individuals' electronically stored health information, recognizing that electronic storage could increase the vulnerability of such confidential documents.
In 2009, as organizations, researchers and practitioners began to comprehend the value that expanding the allowed use of medical information for research could have for public health and medical advancements, the Patient Safety Rule emerged as well to further ensure the confidentiality of any individually identifiable information associated with medical records used for such research.