HEALTH INFORMATION CAN be used in several different ways. For example, doctors and other healthcare professionals use and share it to provide medical care. Insurance companies and employers share it for insurance coverage and payment. However, many people worry that this type of information could be used improperly. For example, insurance companies could use it to deny healthcare coverage. Employers could use it to decide not to hire someone. Thieves could steal medical information and use it to commit medical identity theft.

Healthcare providers no longer store health information only in paper files. Many providers use computer systems to create and store electronic health records (EHRs). When information is stored electronically, data may be combined from several different sources. It is possible to create comprehensive medical records that contain a lot of data about a person; therefore, the healthcare industry must take steps to secure these types of records.

This chapter focuses on laws that protect the privacy and security of health information. For the most part, this chapter focuses on the unique challenges presented by growing amounts of electronic health information. This chapter also discusses how federal and state laws work together to protect this information.