Patient data privacy and access resources

The AMA seeks to ensure that as health information is shared—particularly outside of the health care system—patients have meaningful controls over and a clear understanding of how their data is being used and with whom it is being shared. Above all, patients must feel confident that their health information will remain private.

---

• Learn more about information blocking requirements (PDF).
• Broader information-blocking requirements take effect: What it means

Privacy by design for developers

AMA releases new guidance for health app developers on equitable data governance and collection.

Read Now (PDF)

---

Find best practices for efficiently providing patients with electronic access to medical records in one authoritative resource with the AMA's Patient Records Electronic Access Playbook.

The playbook covers elements, including requirements under HIPAA, to help practices provide patients with their own health information. Find legal requirements, real-world scenarios, the world of apps, key points to remember, and a patient records request flowchart.

Patients have a right to determine how and what parts of their health information is shared. Further, any individual or company seeking to access a patient’s most confidential medical information must comply with federal and state law and develop or have an established trusted relationship with the patient.

Stay informed and up-to-date about the ways the AMA protects patient information and patient privacy.

AMA Privacy Principles (PDF)

A case for privacy by design in app development (PDF)

AMA health data privacy framework

Information-blocking practices, which impede the secure exchange and use of electronic health information by practices, patients and doctors can stand in the way of providing quality care. AMA provides online resources for physicians on the information blocking rule that takes a deeper dive into integrating data sharing into medical practices and making medical records more easily available to patients.

• Learn more about information blocking (PDF). 
• Find an information blocking educational resource (CME credit) on AMA Ed Hub™

The AMA has created a summary brief (PDF) of a new Final Rule released by CMS and ONC in late June implementing disincentives for physicians and other health care providers participating in specific Medicare programs that HHS has determined have committed information blocking.

Preventing patient harm (PDF)

What is information blocking? (PDF)

How do I comply with information blocking? (PDF)

Information blocking investigations and penalties (PDF)

Patients have the right to access their medical information. Access also improves the overall efficiency of the medical care team. Explore news, information, solutions and statements on EHR interoperability, EHR usability and AMA patient privacy resources.

Patient Records Electronic Access Playbook

The world of apps and EHR interoperability

Operationalizing patient electronic access

In the digital age, personal health information is not always truly private. Social media platforms, wearable fitness trackers and apps collect health data that can be shared for advertising purposes and, when combined with medical records, allow for profiling and discrimination. AMA has adopted policies designed to help integrate mobile health applications and devices (also known as mHealth) into clinical practice.

FTC warns health apps to comply with health data-breach rules

7 essentials to getting mHealth data into flow of patient care

How smartphone apps can protect users’ health info

A case for privacy by design in app development (PDF)

As practices and health care organizations become increasingly digitized, physicians must be aware of HIPAA’s Privacy, Security and Breach Notification requirements, that protect the confidentiality of their patients’ medical information. 

HIPAA privacy and security resources

HIPAA violations and enforcement

HIPAA

Protecting information gathered in association with the care of the patient is a core value in health care. 

The AMA Code of Medical Ethics provides guidance to help physicians strike the balance with patient's rights and privacy. 

How to ethically utilize AI

When used ethically, augmented intelligence (AI) has the power to serve as a transformative and powerful tool for physicians.

Read Now on AMA Ed Hub™

 

Code of Medical Ethics: Privacy, confidentiality and medical records

Must physicians disclose personal health information to patients?

Use of patient registries during public health emergencies

AMA actively engages the administration, Congress and industry stakeholders in discussions on the future direction of regulatory guardrails that are needed to restore public confidence in data privacy protections. 

The AMA has provided several recommendations to strengthen medical data privacy and improve federal health information technology policy. Recent letters to the federal government include:

• Comment Letter to the Federal Trade Commission (FTC) on the Health Breach Notification Rule
• Comment Letter to the Office for Civil Rights (OCR) on proposed changes to the Health Insurance Portability and Accountability Act (HIPAA)
• Comment Letter to Office of the National Coordinator for Health Information Technology (ONC) on privacy guardrails for digital vaccine credential services
• Comment Letter to ONC on proposed information blocking regulations 
• Comment Letter to the Department of Health and Human Services’ (HHS) Centers for Medicare and Medicaid Services (CMS) proposed interoperability and patient access rule
• Testimony to the FTC regarding its approach to consumer privacy
• Response to an OCR request for information on HIPAA 
• Comment Letter to National Institute of Standards and Technology (NIST) on developing a privacy framewor