It is becoming a requirement in this day and age to become paperless, whether that be writing an email instead of penning a letter or having an electronic medical record (EMR) instead of physical charts. Let’s review some of the various industry regulations:

Healthcare Industry Regulations

Under HIPAA, the Health Insurance Portability and Accountability Act, there is still a great level of protection for patients’ electronic medical records (EMR). The government has also created the HIPAA Security Rule, which requires health care providers to safeguard EMRs. There could be an “Access Control” tool that protects the records with a password or PIN, which limits access to those records. Providers might also offer encryption so that the record cannot be cracked without the key.

While there is a great deal that goes into ensuring the records are secure, if there were a breach in a health care provider’s system, they would legally have to notify the office of the Secretary of Health and Human Services. If the breach were to contain information on more than 500 patients, the provider would then be required to inform local and state media outlets to ensure that patients would be notified that their information may have been compromised. These laws keep providers accountable for EMRs and the data they contain.

Because there are different state and federal laws governing the retention of records, there is not one uniform rule for the practice. However, providers generally abide by the federal record retention requirements that are found under the Federal Register and then compare those requirements with the laws of the state they are in.

Legal Regulations

A criminal record can be a great source of information about a person because it includes items like:

  • Basic information (full name, date of birth, driver’s license number)
  • Any property owned
  • List of relatives
  • Convicted felonies or misdemeanors
  • Federal and state bankruptcies
  • Description of distinguishing body markings (such as tattoos and scars)

A criminal record contains a great deal of personal information but it is still determined to be a matter of public record. While employers, landlords and lenders may access this information to get a sense of a person’s character, someone else may be able to view this information without permission.

Educational Regulations

The Family Educational Rights and Privacy Act (FERPA) is the federal law which protects the privacy of education records. Generally speaking, FERPA only applies to public school districts, elementary, secondary, and post-secondary schools. It does not apply to K-12 private and parochial schools, unless those schools receive federal funding.

There is no federal requirement that mandates how long a school must hold a person’s educational records. State or local policies may require otherwise, so it is best to check with the school district. However, specific education records cannot be destroyed if anyone has submitted a request to view a particular record.

Legally, if a child is under 18, only their parents or legal guardians have a right to view the education record. Once a student reaches the age of 18 and is in post-secondary school, they have access to their own education records and must give the school permission to discuss their records with others.

It’s a Scary World Out There, Do Your Part

A lot of sensitive personal information can be accessed about a person, regardless of industry type, safeguards, and regulations. However, businesses striving to legally meet the extremely important requirements set by state and federal government agencies can do their part to help maintain the privacy of their customers and protect their businesses from vulnerability.