HHS issues privacy standard for personal health records

HHS issues privacy standard for personal health records

By Matt McLaughlin

GCN Staff

DEC. 21—The Health and Human Services Department has issued the nation's first set of standards for protecting the privacy of personal health records.

The regulation:

  • limits the non-consensual use and release of private health information;

  • gives patients new rights to access their records and to know who else has accessed them;

  • restrict disclosure of most health information to the minimum needed for an intended purpose;

  • establishes new requirements for access to records by researchers and others; and

  • sets new civil and criminal penalties for violation of the rules.

The department was required to establish the regulation when Congress failed to pass a set of privacy rules for personal health records. HHS proposed a rule last year and issued the final version after receiving more than 52,000 comments. The final regulation covers all personal health information maintained by health care providers and clearinghouses, hospitals, and health plans and insurers on paper or in oral or electronic form.

The rule requires providers to get patients' consent for routine use and disclosure of health records, in addition to authorization for non-routine disclosures. Civil penalties for violation of the rules include fines up to $25,000 per year. Criminal punishment includes up to $250,000 and up to 10 years in prison.

The full text of the standards and a fact sheet about the regulation can be found at www.hhs.gov/ocr/hipaa.html.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.