Privacy Law Timeline
A comprehensive timeline of health privacy legislation and regulations that shape how your personal health information is protected today.
HIPAA Enacted
Health Insurance Portability and Accountability Act establishes national standards for health information privacy
Impact:
Foundation for health privacy rights
Key Provisions:
- Created national standards for protecting health information
- Established patient rights to access and control their health data
- Required healthcare organizations to implement safeguards
- Set penalties for violations of privacy rules
HIPAA Privacy Rule
Privacy Rule takes effect, establishing comprehensive privacy protections for health information
Impact:
Immediate privacy protections for patients
Key Provisions:
- Defined protected health information (PHI)
- Established permitted uses and disclosures
- Required patient authorization for most uses
- Created patient rights framework
HIPAA Security Rule
Security Rule takes effect, requiring safeguards for electronic health information
Impact:
Technical security requirements for healthcare data
Key Provisions:
- Administrative safeguards requirements
- Physical safeguards for facilities and equipment
- Technical safeguards for electronic systems
- Risk assessment and management procedures
HITECH Act
Health Information Technology for Economic and Clinical Health Act strengthens HIPAA protections
Impact:
Expanded privacy protections and breach notification requirements
Key Provisions:
- Mandatory breach notification requirements
- Expanded penalties for HIPAA violations
- Extended HIPAA requirements to business associates
- Increased enforcement and audit activities
HIPAA Omnibus Rule
Final rule implementing HITECH Act provisions and updating HIPAA regulations
Impact:
Strengthened patient rights and business associate obligations
Key Provisions:
- Business associates directly liable under HIPAA
- Enhanced individual rights including access
- Modified minimum necessary standard
- Updated breach notification requirements
21st Century Cures Act
Promotes interoperability and patient access to health information
Impact:
Enhanced patient access to electronic health records
Key Provisions:
- Information blocking prevention measures
- Patient access to electronic health information
- API requirements for certified health IT
- Interoperability standards advancement
ONC Final Rules
21st Century Cures Act rules take effect, enhancing data access and interoperability
Impact:
Improved patient access to health data through APIs
Key Provisions:
- Patient access APIs required
- Information blocking penalties
- Standardized data exchange formats
- Provider directory requirements
HIPAA Right of Access Initiative
HHS increases enforcement of patient access rights under HIPAA
Impact:
Enhanced enforcement of patient access to medical records
Key Provisions:
- Targeted enforcement of access violations
- Reduced timeframes for record access
- Limited fees for electronic records
- Patient-friendly formats required
What This Means for You
Strong Protections
Over 25 years of evolving legislation has created comprehensive protections for your health information.
Better Access
Recent laws have made it easier for you to access and control your own health information.
Ongoing Evolution
Privacy laws continue to evolve to address new technologies and emerging privacy challenges.
Live tracker
Recent healthcare data breaches
Real incidents from the 2026 HHS OCR portal. Each entry names the provider, the data exposed, and the steps to take if you received a notification letter.