Skip to Content

Security of Health Information in Pennsylvania

        In Pennsylvania, different types of medical facilities have special requirements for maintaining the security of patient medical records.  For most facilities, including hospitals1, ambulatory surgical facilities2, birthing centers3, and home health care centers4, Pennsylvania requires simply that medical records be stored in an area that will protect against loss, damage and unauthorized access. For adult daily living centers, the state requires that all client records be kept locked when unattended.5

        Under certain circumstances, entities around the state can gain access to medical record data housed by the health care cost containment council through the Right-to-Know-Law.  The council can provide access to special reports derived from raw data to entities that purchase health benefits for their employees, collective bargaining representatives of those employees, and any other entities it deems appropriate.6

 

Footnotes

  • 1. 28 Pa. Code § 115.22 (2012)
  • 2. 28 Pa. Code § 563.5 (2012)
  • 3. 28 Pa. Code § 501.62 (2012)
  • 4. 28 Pa. Code § 601.36 (2012)
  • 5. 6 Pa. Code § 11.197 (2012)
  • 6. 35 Pa. Stat. Ann. § 449.10 (West 2012)

 

Security of Health Information in Pennsylvania

Subtopic Statute/Regulation Description
Security of Health Information Access - 6 Pa. Code § 11.197 Clients of older adult daily living centers will have access to their own records and the information contained therein, unless, in the opinion of...
Clinical records - 28 Pa. Code § 601.36 Providers of home health care services must maintain a clinical record containing pertinent past and current findings for every patient receiving...
Confidentiality of medical records - 28 Pa. Code § 115.27 Medical record confidentiality
Confidentiality of medical records - 28 Pa. Code § 563.9 Records should be confidential
Contents - 28 Pa. Code § 115.32 Medical record contents
Form and content of record - 28 Pa. Code § 563.12 Ambulatory surgical facilities must maintain a separate medical record for each patient that includes the following information:1   ...
Health record transfer, retention and confidentiality - 28 Pa. Code § 501.62 Birth centers must comply with the following requirements pertaining to patient medical records: If a patient is transferred or referred to...
Medical records review - 28 Pa. Code § 115.34 Medical records review
Ownership - 28 Pa. Code § 563.10 Ambulatory surgical facilities must maintain a separate medical record for each patient that includes the following information: 28 Pa. Code Chapter...
Patient access - 28 Pa. Code § 563.11 Access to copies of medical records
Patient care records - 28 Pa. Code § 127.35 Patient care records
Patient dental records - 28 Pa. Code § 141.26 Dental records
Patient medical records - 28 Pa. Code § 115.31 All hospitals must maintain patient records in accordance with the following provisions:         A medical...
Patient medical records - 28 Pa. Code § 121.16 Patient medical records
Patient records - 28 Pa. Code § 129.37 Patient records
Patients’ medical records - 28 Pa. Code § 131.24 Patient medical records
Preservation of medical records - 28 Pa. Code § 115.23 Preservation of medical records
Preservation of medical records - 28 Pa. Code § 563.6 Policies regarding medical record retention
Right-to-Know Law and access to council data - 35 Pa. Stat. Ann. § 449.10 The Right-to-Know law enables the health care cost containment council to make determinations on requests for its information and data in favor of...
Storage of medical records - 28 Pa. Code § 115.22 Storage of medical records