Privacy of Personal Information - The Law

Various laws have been enacted to protect the privacy of personal information. The increase in identity theft has driven the enactment of many of these laws. Various states have also enacted laws, starting with California, Wisconsin and Georgia. The most famous of the laws is HIPAA, enacted to protect the privacy of patient information.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 and includes provisions intended to safeguard the privacy of patient health records. HIPAA is a significant piece of legislation with onerous penalties. The full text of the SUMMARY OF THE HIPAA PRIVACY RULE from the Department of Human Services is available online at: http://www.hhs.gov/ocr/privacysummary.rtf. See page 16 of that document, specifically with regard to "securing records under lock and key … and limiting access …"

Data Safeguards. A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure. For example, such safeguards might include shredding documents containing protected health information before discarding them, securing medical records with lock and key or pass code, and limiting access to keys or pass codes.

HIPAA LINKS
PENALTIES FOR HIPAA VIOLATIONS:
http://www.utmb.edu/compliance/hipaa/hipaa-overview.htm#penalties

American Medical Association
http://www.ama-assn.org/ama/pub/category/11805.html

Health and Human Services
http://www.hhs.gov/ocr/privacysummary.rtf

GLB (Gramm Leach Bliley)

Gramm Leach Bliley (GLB) is another federal law with a much broader scope than HIPAA. The broad standards outlined in this law were designed to compel financial institutions to "respect the privacy of its customers and to protect the security and confidentiality of those customers' non-public personal information." Specifically, this law requires protection against "unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer." See page 1, section (b) (3) of Section 501 of the Conference Report and Text of Gramm-Leach-Bliley Bill published by the Senate Banking Committee.

GLB LINKS
Senate Banking Committee
http://banking.senate.gov/conf/confrpt.htm

Federal Trade Commission
http://www.ftc.gov/privacy/glbact

FACTA

The Fair and Accurate Credit Transactions Act of 2003, also known as the FACT Act, was signed into law on December 4, 2003. In general, the Act amends the Fair Credit Reporting Act ("FCRA"). The Act contains a number of provisions intended to combat consumer fraud and related crimes, including identity theft, and to assist its victims.

The Disposal Rule of FACTA, as proposed, requires entities covered by the rule to take "reasonable measures" to protect against unauthorized access to or use of information.

FACTA LINKS
National Consumer Law Center
http://www.consumerlaw.org/initiatives/facta/nclc_analysis.shtml

Federal Trade Commission
http://www.ftc.gov/os/statutes/fcrajump.htm

Privacy Rights Organization
http://privacyrights.com/ar/FTC-DocDisposal.htm