✓ Current as of 2026 Last Updated: June 2026

Privacy Law Timeline

A comprehensive timeline of health privacy legislation and regulations that shape how your personal health information is protected today.

1996 HIGH IMPACT

HIPAA Enacted

Health Insurance Portability and Accountability Act establishes national standards for health information privacy

Impact:

Foundation for health privacy rights

Key Provisions:

  • Created national standards for protecting health information
  • Established patient rights to access and control their health data
  • Required healthcare organizations to implement safeguards
  • Set penalties for violations of privacy rules
2003 HIGH IMPACT

HIPAA Privacy Rule

Privacy Rule takes effect, establishing comprehensive privacy protections for health information

Impact:

Immediate privacy protections for patients

Key Provisions:

  • Defined protected health information (PHI)
  • Established permitted uses and disclosures
  • Required patient authorization for most uses
  • Created patient rights framework
2005 HIGH IMPACT

HIPAA Security Rule

Security Rule takes effect, requiring safeguards for electronic health information

Impact:

Technical security requirements for healthcare data

Key Provisions:

  • Administrative safeguards requirements
  • Physical safeguards for facilities and equipment
  • Technical safeguards for electronic systems
  • Risk assessment and management procedures
2009 HIGH IMPACT

HITECH Act

Health Information Technology for Economic and Clinical Health Act strengthens HIPAA protections

Impact:

Expanded privacy protections and breach notification requirements

Key Provisions:

  • Mandatory breach notification requirements
  • Expanded penalties for HIPAA violations
  • Extended HIPAA requirements to business associates
  • Increased enforcement and audit activities
2013 MEDIUM IMPACT

HIPAA Omnibus Rule

Final rule implementing HITECH Act provisions and updating HIPAA regulations

Impact:

Strengthened patient rights and business associate obligations

Key Provisions:

  • Business associates directly liable under HIPAA
  • Enhanced individual rights including access
  • Modified minimum necessary standard
  • Updated breach notification requirements
2016 MEDIUM IMPACT

21st Century Cures Act

Promotes interoperability and patient access to health information

Impact:

Enhanced patient access to electronic health records

Key Provisions:

  • Information blocking prevention measures
  • Patient access to electronic health information
  • API requirements for certified health IT
  • Interoperability standards advancement
2020 MEDIUM IMPACT

ONC Final Rules

21st Century Cures Act rules take effect, enhancing data access and interoperability

Impact:

Improved patient access to health data through APIs

Key Provisions:

  • Patient access APIs required
  • Information blocking penalties
  • Standardized data exchange formats
  • Provider directory requirements
2021 LOW IMPACT

HIPAA Right of Access Initiative

HHS increases enforcement of patient access rights under HIPAA

Impact:

Enhanced enforcement of patient access to medical records

Key Provisions:

  • Targeted enforcement of access violations
  • Reduced timeframes for record access
  • Limited fees for electronic records
  • Patient-friendly formats required

What This Means for You

Strong Protections

Over 25 years of evolving legislation has created comprehensive protections for your health information.

Better Access

Recent laws have made it easier for you to access and control your own health information.

Ongoing Evolution

Privacy laws continue to evolve to address new technologies and emerging privacy challenges.