HIPAA: Health Insurance Portability and Accountability Act of 1996 - Primary federal law governing healthcare privacy and security requirements
HITECH Act: Health Information Technology for Economic and Clinical Health Act - Expands HIPAA requirements and strengthens enforcement of privacy and security protections
42 CFR Part 2: Federal regulations specifically governing the confidentiality of substance use disorder patient records
ADA: Americans with Disabilities Act - Includes provisions for protecting medical information of individuals with disabilities
GINA: Genetic Information Nondiscrimination Act - Protects genetic information privacy and prevents discrimination based on genetic information
State Privacy Laws: State-specific regulations that may impose additional or more stringent requirements than federal laws for patient privacy protection
State Record Retention Laws: State-specific requirements for how long medical records must be maintained and secured
State Breach Notification Laws: State-specific requirements for notifying patients and authorities in case of data breaches
Mental Health Privacy Laws: State-specific laws governing the privacy and handling of mental health records, which often have additional protections
Minor Privacy Laws: State-specific laws regarding the handling and privacy of medical information for minors
Medical Ethics Guidelines: Professional standards and ethical guidelines established by medical associations regarding patient confidentiality
Licensing Board Requirements: Professional licensing board standards and requirements for maintaining patient confidentiality
Special Category Information Rules: Specific requirements for handling sensitive information such as HIV/AIDS status, mental health records, and substance abuse treatment
EHR Requirements: Requirements specific to electronic health records storage, security, and sharing
Third Party Sharing Protocols: Requirements and protocols for sharing patient information with third parties, including consent requirements
