Facility Medical Records Regulation

VII. Key Issues: Regulation & Reform >> B. Health Care Regulation >> Health Facilities Regulation >> Facility Medical Records Regulation

Medical records contain much detailed information that is required by statute, regulation or JCAHO standards. For example, federal regulations mandate the use of a Resident Assessment Instrument (RAI) and Minimum Data Set (MDS) in federally certified nursing homes. Such records are technically the property of the facility. Historically, privacy protection of such records has been a state concern.

Federal concern over privacy protection arose in the context of concerns over the more widespread use of electronic records, which were specifically encouraged under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA included provisions for administrative simplification and standards for health care electronic data exchange. In the context of wide variation across states in the scope and stringency of privacy protections and concerns about the security/privacy of electronic data in particular, HIPAA therefore also included a third major component to address health information security requirements, thereby establishing national standards that effectively set a national floor on privacy as it relates to medical records. The Duke Center for Health Policy and Inequalities Research has developed a draft working paper assessing the cost and benefits of medical records regulation in the U.S., including both HIPAA privacy rules and state privacy regulations.


  • Privacy Rule. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule
  • Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information, and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety. This link summarizes the Privacy Rule’s protection of the privacy of individually identifiable health information, the rights granted to individuals, OCR’s enforcement activities, and how to file a complaint with OCR.

One Response to Facility Medical Records Regulation

  1. Privacy protection for a patient is a basic right. We as healthcare professionals ought to respect that right. However, with the rise in electronic records, the tendency to look at records as inanimate not considering them sensitive information for the patients is harming the credibility of health institutions. I think it a positive move on the part of the government considering establishing such regulations to prevent any misuse.

Leave a Reply

Your email address will not be published. Required fields are marked *