Researchers Compile State Health Privacy Statutes, Identify Best Principles

Updating The State of Health Privacy report

In 1999, the Health Privacy Project of the Institute for Health Care Research and Policy at Georgetown University, Washington, published a compilation of health privacy statutes in all 50 states and a "consensus document" of best principles for shaping health privacy policy.

In 2002, the project produced an update of the 1999 state summaries.

Key Results

  • The Health Privacy Project's 1999 report, The State of Health Privacy: An Uneven Terrain, provided the first state-by-state guide to health privacy statutes.

  • The project also established a Health Privacy Working Group to identify "best principles" for health privacy. Its report, Best Principles for Health Privacy, outlined 11 principles that should be considered when implementing comprehensive patient privacy policies and practices, including:

    • Personal identifiers should be removed from health information whenever possible.
    • Privacy protections established when information is collected should govern all use of that data.
    • Individuals should have the right to see and supplement their health information.
    • Individuals should receive notice about the use and disclosure of health information.
    • Except in limited circumstances, personally identifiable health information should not be disclosed without patient authorization.