ABSTRACT

In the U.S., privacy protections for health information are required by federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA), and by most states’ statutes as well. Private organizations certifying healthcare facilities, such as the Joint Commission on Accreditation of Healthcare Organizations (also known as Joint Commission), also require data privacy protections, and almost all health professional organizations have provisions about privacy in their codes of ethics. Together, these comprise the protections for health information in general, and for the content of electronic health records (EHRs) in particular. Reflecting the U.S.’s “federalist” approach (in the classic sense of that term, a mixture of protections from various levels of governance), the sum of the parts yields a complex landscape. Even an overview of the ethical, legal, and social issues associated with EHR privacy, such as presented here, can be complex.