TABLE 2.1 Existing Federal and State Protections for Health Information








Requires federal agencies to publicly disclose the existence of government record systems; allows individuals the right to access information about themselves and to copy, correct, or amend records kept by the government; limits the purposes for which the federal government can collect or disclose information without consent.

Applies only to record-keeping systems operated by federal agencies or their contractors.

Freedom of Information Act of 1966

Allows individuals open access to federal agency records, except for those with specific exemptions.

Does not specifically address disclosure of information held by federal agencies.

Americans with Disabilities Act

Prevents public and private organizations from discriminating against individuals because of a disability.

Applies only to those conditions specifically defined as disabilities, not to all health information.

United States Code, Sections 290dd-3 and 290ee-30

Establish special rules of confidentiality for records of patients who seek treatment for drug or alcohol abuse at federally funded facilities.

Limited in scope to information about drug and alcohol abuse; apply only to federally funded facilities.

Medicare Conditions of Participation

Requires hospitals to have a procedure for ensuring the confidentiality of patient records and allows information to be released only to authorized individuals.

Does not address security mechanisms or evaluate practices.

Constitutional law

Interpreted as protecting the privacy of information about individuals.

Lower courts have not strongly enforced this interpretation.

The National Academies of Sciences, Engineering, and Medicine
500 Fifth St. N.W. | Washington, D.C. 20001

Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement