In 2002, the project produced an update of the 1999 state summaries.
The Health Privacy Project's 1999 report, The State of Health Privacy: An Uneven Terrain, provided the first state-by-state guide to health privacy statutes.
The project also established a Health Privacy Working Group to identify "best principles" for health privacy. Its report, Best Principles for Health Privacy, outlined 11 principles that should be considered when implementing comprehensive patient privacy policies and practices, including:
- Personal identifiers should be removed from health information whenever possible.
- Privacy protections established when information is collected should govern all use of that data.
- Individuals should have the right to see and supplement their health information.
- Individuals should receive notice about the use and disclosure of health information.
- Except in limited circumstances, personally identifiable health information should not be disclosed without patient authorization.