Health Insurance Portability and Accountability Act of 1996 Privacy Rule
(HIPAA Privacy Rule)

The Department of Health and Human Services

Issued on August 14, 2002, the HIPAA Privacy Rule regulates the use and disclosure of Protected Health Information (PHI) held by institutions such as health insurance companies, health care clearinghouses, and medical service providers. The rule is aimed to establish national standards to protect individuals' medical records and other personal…

Read More

Health Insurance Portability and Accountability Act of 1996 Security Rule
(HIPAA Security Rule)

The Department of Health and Human Services

Issued on February 20, 2003, the HIPAA Security Rule focuses specifically on electronic protected health information (EPHI), and provides administrative, technical, and physical standards for protection. 

Read More

The Health Information Technology for Economic and Clinical Health (HITECH) Act

The HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009 on February 17, 2009, aims to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health…

Read More

The Patient Safety and Quality Improvement Act of 2005 (PSQIA)

Agency for Healthcare Research and Quality

The PSQIA establishes a voluntary reporting system to enhance the data available to assess and resolve patient safety and health care quality issues. To encourage the reporting and analysis of medical errors, the PSQIA provides federal privilege and confidentiality protections for patient safety information called Patient Safety Work Product.

Read More

Grand Bargains for Big Data: The Emerging Law of Health Information

72 Maryland Law Review 682 (2013)
Frank Pasquale

In this article, Professor Pasquale argues that in exchange for subsidizing systems designed to protect intellectual property and secure personally identifiable information, health regulators should have full access to key data those systems collect.

Read More