Legal Issues in Health Information Exchange

Health Information Law Definition- Deals with the evolving and sometimes complex legal principles as they apply to information technology in health-related fields. It addresses the privacy, ethical and operational issues that invariably arise when electronic tools are used in health care delivery. Health Informatics law also deals with circumstances under which data and records are shared with other fields or areas that support and enhance patient care. This field applies to all matters that involved information technology, health care, and the interaction of information.

HIPAA Laws and Privacy
The Health Insurance Portability and Accountability Act set a national standard for the privacy of health information. With health records going electronic, privacy is a major concern for people because they consider information about their health highly sensitive, and they want strong protection from the law. The law basically protects health information, but it also permits the disclosure of patient information at the time of patient care. The HIPAA only applies to medical records maintained by health care providers, health plans, and health clearing- houses, and only if the facility maintains and transmits records in electronic form. This law has faults although, because when health information is exchanged by all the people who have authorized access to it, it is not really that private and secure. Even though HIPAA requires health care providers to protect patient’s privacy, providers are required to communicate with the patient’s family, friends, and others involved in their payment for care. This creates legal issues in the field of health information exchange. In order for electronic health records to get passed, it is imperative that privacy and security of electronic health information be ensued as this information is maintained and transmitted electronically.

An individual cannot sustain a lawsuit against another person based solely on HIPAA, even if such individual believes his or her PHI has been disclosed in violation of HIPAA. In such situations, HIPAA provides a mechanism where the individual can file a complaint with the federal government. This was the case when a lawsuit was filed against the American Recovery and Reinvestment Act’s Health Information Technology provisions that violate the HIPAA privacy rule. It violates this privacy rule because the law requires the HHS to issue guidance on what constitutes “minimum necessary” disclosure of information under HIPAA. The suit alleges the federal government will unconstitutionally use patient information. When it was all said and done, the suit alleges eight counts of violating plaintiff’s right to privacy, due process, and personal security. Lawsuits such as this one are examples of the legal problems that will arise from the electronic exchange of medical records. People will dig deep to find law violates when their health information is being transferred to various groups in the health industry.


The Health Information Technology for Economic and Clinical Health Act was passed on February 17, 2009 by President Obama as part of the stimulus package. The act is used to encourage the adoption of HER’s through Incentive payments to physicians. The conflict of this act is that Health Information Exchange using technology is about sharing data and HITECH is about data restraint and accountability. HITECH‘s four steps is that health entities must install lots of controls to monitor and regulate the sharing of data. Not only is it referring to regulations of data sharing on electronic health records, but all types of technology that are used by health professionals. It implicates that:

  • Health care organizations need to be archiving mail, and other electronic messages, it keeps the health information organized and can allow a later review of which patient information was delivered to which person.
  • An application added to the message archiving that shows who accessed a particular archive record at what time.
  • For other collaboration systems that aren’t e-mail, health care systems need to add access logs and audit trails

Summary: As more technology arises, and legislation is passed to allow it, there will be plenty more legal issues that come out of this situation. Privacy and security are the main concerns of health information exchange right now, but it is a blank field for other issues that will come as the system advances.

Related Terminology: HIPAA, Health Informatics, American Recovery and Reinvestment Act, Privacy Laws