Understanding HIPAA

Every person or organization that accesses, requests, or receives medical records needs to be aware of the laws surrounding the confidentiality and protection of medical records. Federal law is updated periodically and includes information on what must be done to comply with the law.

In the field of Life Care Planning, whether you receive medical records as a hard copy or electronic copy, it is important to guard and protect the information on the records. Even summaries of records and legal reports are included in this protection.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) contains the HIPAA Privacy Rule, which sets national standards for the protection of certain health information. The HIPAA Security Rule contains the Security Standards for the Protection of Electronic Protected Health Information, which set national security standards for protecting health information transferred in electronic form (Health and Human Services, HHS).

The HIPAA Security Rule requires covered entities to use administrative, technical, and physical safeguards for protecting personal health information (HHS). Covered entities are both individuals and organizations that must comply with HIPAA. These covered entities must:

  • Ensure confidentiality, integrity, and availability of all health information they create, receive, and send
  • Identify and protect against possible threats to security or integrity of the information
  • Protect against possible impermissible uses or disclosures
  • Ensure compliance by their workforce

(HHS, 2021)

The Centers for Medicare and Medicaid Services (CMS.gov) has a Covered Entity Decision Tool to help determine if an individual or organization is a covered entity, which can be found here.


Centers for Medicare and Medicaid Services (2021). Covered Entity Decision Tool. Retrieved from


Health and Human Services (2021). Summary of HIPAA Rule. Retrieved from