Health Records and Privacy


Welcome to LawShelf’s video course on health records and privacy. A doctor’s visit can be a stressful experience not only because it involves health issues, but also because it generates records that patients usually want to keep confidential.

To help assuage patients’ concerns, the Health Insurance Portability and Accountability Act of 1996, or HIPAA, regulates disclosure of private patient information. Many Americans have heard of the Act, but this course focuses on its nuances and how it operates. This is an introductory-level course on principles of healthcare privacy, and it requires no previous knowledge of healthcare or law.

In our first module, we will provide an overview of HIPAA. We’ll discuss HIPAA’s twin “pillars,” the Privacy Rule and the Security Rule, which both address standards for the protection of health information. We’ll also look at how the Department of Health and Human Services enforces HIPAA’s provisions.

In Module Two, we’ll learn about the situations when a hospital or healthcare provider can disclose protected health information without violating HIPAA. We’ll discuss consent and authorization and explore the numerous exceptions to HIPAA’s Privacy Rule, such as those required by law, judicial and law enforcement exceptions, and the health, safety and research exceptions.

We’ll devote the third module to HIPAA enforcement and the penalties for unauthorized disclosures of patient health information. We’ll examine how the Department of Health and Human Services’ Office of Civil Rights investigates HIPAA violations and prosecutes and penalizes violators. 

In the fourth module, we’ll consider the intersection of HIPAA and state law. We’ll discuss what federal law permits states to do and what it preempts. We’ll also discuss examples of state law approaches to disclosures and explore when and how a state can be stricter in its approach to protecting a patient’s health information.

Finally, we will spend the last module laying out what an effective medical records retention policy entails. We’ll look at the requirements on healthcare providers with regard to records content and the length of time records must be retained. We will also cover the consequences of improper medical record destruction.

Best of luck and we welcome your feedback. 


Overview of the Health Insurance Portability and Accountability Act of 1996 - Module 1 of 5


Authorized Disclosures and Privacy Rule Expectations - Module 2 of 5


Enforcement Actions for Unauthorized Disclosures - Module 3 of 5


HIPAA and the Preemption of State Law - Module 4 of 5


Records Retention and Destruction Policies - Module 5 of 5

Final Exam only needs to be taken by those seeking to earn the Digital Badge credentials for this course.