Important Laws and Regulations in Health Informatics

healthcare gavel

It is important to be familiar with federal and state legislation governing patient medical records.

There are several laws designed to protect Americans’ personal health information. Patients have the right to privacy, and they have the right to have the information shared with healthcare providers who will use it with discretion in the patient’s best interest. If you have or are considering a career in health informatics, it is important to be aware of federal and state laws so that Protected Health Information (PHI) remains secure when stored and transmitted by electronic health record systems.

Privacy Act of 1974

The Privacy Act of 1974 regulates information collected by the federal government and its agencies. The legislation allows citizens to know what information is collected about them, assure the veracity of that data and obtain copies of the information. The Veterans Health Administration and Indian Health Services are subject to these regulations.

Alcohol and Drug Abuse Patient Confidentiality

The Confidentiality of Alcohol and Drug Abuse Patient Records rule allows for additional privacy in any federally-assisted drug or alcohol abuse program. Identity, diagnosis, and treatment are treated as confidential information. Patient impairment does not excuse the release of confidential patient information.

Conditions for Coverage of Specialized Services by Suppliers

The Conditions for Coverage of Specialized Services by Suppliers is part of Medicare laws that govern providers and require that all PHI be kept confidential and protected against loss, destruction, or unauthorized use.

This information requires the written approval of the patient before it is used or forwarded. Hospitals must protect this information against unauthorized use and current Electronic Health Records allow for monitoring and securing data.

Patients always have a right to access their records; an institution is allowed to charge a usual and customary fee for paper copy costs. These laws extend to home health agencies and long-term care facilities.

Institutional Review Boards

Institutional Review Boards are governed by state and federal laws and require informed written consent and data security and privacy.

State laws vary and may include special requirements with regard to drug and alcohol treatment, special disease states, and mental illness.


The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) is a private organization that has been used since 1965 to accredit hospitals and facilities, which allowed for their participation in Medicare.

In 2010, the process changed to provide for review by Centers for Medicare and Medicaid Services (CMS) prior to facility participation. JCAHO has had varying abilities to control and determine rules related to patient care, several of which pertain to PHI confidentiality.  These rules are constantly under review and have included a large number of recent revisions coinciding with the increasing prevalence of EHRs.


The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 empowers the Federal Department of Health and Human Services (HHS) to oversee the promotion of Health IT – including quality, safety and security as well as the secure information exchange.


The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted to allow for the continuance of health insurance coverage in situations involving job changes or loss. Major provisions of this law were enacted to formulate and regulate federal guidelines and standards pertaining to electronic healthcare. Standards were developed to allow for identifications of providers, health insurance plans, and employers, including the National Provider Identifier Standard (NPIS), which provides every physician with a unique number used in all aspects of healthcare.

Affordable Care Act

The Affordable Care Act of 2010 was set up to fundamentally change the way people are insured; goals include lowering healthcare costs and making coverage accessible to previously uninsured people. The law is undergoing major changes as issues with its implementation are encountered. Final resolutions should be expected in the coming years as interpretations of its standards are developed and enacted. As revisions are implemented, there may be many changes to the way healthcare is delivered, including control of PHI.


The Food and Drug Administration Safety and Innovation Act (FDASIA) of 2012 resulted in the collaboration of the HHS and FDA to recommend a regulatory framework for Health IT to improve mobile applications and other means to promote patient safety and innovation in healthcare delivery.

Many federal and state regulations affect the health informatics field. Because the measures were developed in isolation at different times, there is some conflicting legislation with regard to patient care and the collection and maintenance of patient records. Familiarity with these laws and their implications is paramount for improved functioning in the promotion and development of computer-based patient-care systems.


The Medicare Access & CHIP (Children’s Health Insurance Program) Reauthorization Act of 2015 is intended to ensure that physicians are paid fairly, that Medicare Part B costs are controlled, and that healthcare is improved. 

The passage of MACRA in August 2015 signaled a move away from the Sustainable Growth Rate (SGR) Formula once used to determine physician reimbursement and toward a model based on the quality, efficiency, value, and effectiveness of the medical care provided. In addition, MACRA also will combine existing quality reporting programs into one new system.


The 21st Century Cures Act, passed by both houses of Congress and signed into law by President Obama in December 2016, covers many facets of healthcare. The goals for all, though, are the same: to “help modernize and personalize health care, encourage greater innovation, support research, and streamline the system,” according to the act’s mission statement.

Among the ways those goals will be sought is by the discovery of cures in basic science; streamlining the drug and device development process; unleashing the power of digital medicine and social media at the treatment delivery phase.

YES! Please send me a FREE guide with course info, pricing and more!

Academic Calendar

SUMMER I – 2024

Application Deadline April 12, 2024
Start Date April 29, 2024
End Date June 23, 2024

SUMMER II – 2024

Application Deadline June 7, 2024
Start Date June 24, 2024
End Date August 18, 2024

FALL I – 2024

Application Deadline August 2, 2024
Start Date August 19, 2024
End Date October 13, 2024

FALL II – 2024

Application Deadline September 27, 2024
Start Date October 14, 2024
End Date December 8, 2024

SPRING I – 2025

Application Deadline December 13, 2024
Start Date January 6, 2025
End Date March 2, 2025

SPRING II – 2025

Application Deadline February 14, 2025
Start Date March 3, 2025
End Date April 27, 2025

SUMMER I – 2025

Application Deadline April 11, 2025
Start Date April 28, 2025
End Date June 22, 2025

Get Our Program Guide

If you are ready to learn more about our programs, get started by downloading our program guide now.