ABSTRACT
80An array of federal and state laws restricts the use and disclosure of individually identifiable health information by healthcare providers and other health industry stakeholders. The most comprehensive of these laws is The Health Insurance Portability and Accountability Act (HIPAA), 1 which establishes a national legal foundation for health information privacy. But a patchwork of other state and federal laws are layered on top of HIPAA, imposing more stringent requirements on particular types of entities or certain types of information. As a result, an organization’s privacy obligations may vary from one context to another. This chapter provides a summary of HIPAA’s privacy requirements, as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and an overview of the other state and federal laws that are likely to affect the use and disclosure of health information.81
