Medical Records Law and Legal Definition

Every time a patient receives healthcare, a record is maintained of the observations, medical or surgical interventions, and treatment outcomes. This record includes information that the patient provides concerning his or her symptoms and medical history, the results of examinations, reports of x rays and laboratory tests, diagnoses, and treatment plans. Medical records and health information technicians organize and evaluate these records for completeness and accuracy.

The main federal law regulating health information us the Privacy Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which came into effect in April 2003. The Security Rule, also required under HIPAA, was issued in final form on February 20, 2003 and will become effective in 2005.

The HIPAA Privacy Rule defines protected health information (PHI) very broadly. PHI includes individually identifiable health information related to the past, present or future physical or mental health or condition, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual. Even the fact that an individual received medical care is protected information under the regulation.

The Privacy Rule establishes a federal mandate for individual rights in health information, imposes restrictions on uses and disclosures of individually identifiable health information, and provides for civil and criminal penalties for violations. The complementary Security Rule includes standards for protection of health information in electronic form.