HHS issues privacy standard for personal health records

HHS issues privacy standard for personal health records

By Matt McLaughlin

GCN Staff

DEC. 21—The Health and Human Services Department has issued the nation's first set of standards for protecting the privacy of personal health records.

The regulation:

  • limits the non-consensual use and release of private health information;

  • gives patients new rights to access their records and to know who else has accessed them;

  • restrict disclosure of most health information to the minimum needed for an intended purpose;

  • establishes new requirements for access to records by researchers and others; and

  • sets new civil and criminal penalties for violation of the rules.

The department was required to establish the regulation when Congress failed to pass a set of privacy rules for personal health records. HHS proposed a rule last year and issued the final version after receiving more than 52,000 comments. The final regulation covers all personal health information maintained by health care providers and clearinghouses, hospitals, and health plans and insurers on paper or in oral or electronic form.

The rule requires providers to get patients' consent for routine use and disclosure of health records, in addition to authorization for non-routine disclosures. Civil penalties for violation of the rules include fines up to $25,000 per year. Criminal punishment includes up to $250,000 and up to 10 years in prison.

The full text of the standards and a fact sheet about the regulation can be found at www.hhs.gov/ocr/hipaa.html.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected