HIPPA and Medical Record Privacy Previously, health information was protected by state law. However, because this information crosses state lines, the need for federal protection has been justified. In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). HIPAA provides the first federal protection for the privacy of medical records (Burke & Weill, 2005). HIPAA encourages the use of electronic health records and the sharing of medical records between healthcare providers because it can help save lives. HIPAA requires that patients have some knowledge of the use of their medical records and must be informed in writing of their providers' privacy policies. HIPAA provides technical requirements that a healthcare provider, insurer, or service provider, unless exempt under state law, must provide. An organization must conduct a self-assessment to understand what threats its records face and develop techniques necessary to protect the information (HIPAA, 1996). The purpose of HIPAA is to protect consumer privacy. The HIPAA security rule most impacts technology in a healthcare or human services organization. The security rule specifically addresses electronic protected health information (EPHI). The EPHI provides three types of mandatory security measures to meet HIPAA compliance. Administrative, physical and technical. There is constant concern about several types of devices and tools due to their vulnerability: laptops; home personal computers; library and public workstations; USB sticks and email, just to name a few. These items are easily accessible to those attempting to breach security. Healthcare workers have complete...... half of the document ......explains and clarifies key provisions of the Medical Privacy Regulation, this is a reliable source of information that was published last December (HIPAA , 1996). Ensuring the accuracy, security and protecting the privacy of all medical information is critical and an ongoing challenge for many organizations. References American Medical Association (2005) Retrieved December 7, 2008, from http://www.ama-assn.org/.Burke, L., & Weill, B. (2005). Information Technology for Health Professions Retrieved December 6, 2008, from Axia College, Week 2 Reading, aXcess, HHS 255 Technology in Health Services Course. U.S. Department of Health and Human Services Office for Civil Rights (HIPAA). Retrieved December 7, 2008, from http://www.hhs.gov/ocr/hipaa/.