Over the past three decades, concerns about protecting patients’ rights have led to the passage of legislation meant to ensure the safety and privacy of patients. In particular, laws such as HITECH, GINA, HIPAA and EMTALA are meant to protect the privacy of patient data, provide patients with the autonomy to control the distribution of their data, and safeguard against discrimination based on that information.
The Emergency Medical Treatment and Active Labor Act (EMTALA) was enacted in 1986 and required hospitals to care for and treat patients, regardless of their ability to pay. The law was created in response to patient dumping, a practice common in the mid-20th century where poor or uninsured patients were transferred from hospital to hospital because of their inability to pay . A landmark 1984 study by Himmelstein et al. found that 97% of patients transferred to public hospitals had no insurance or were government-insured . With the passage of EMTALA, hospitals were required to treat emergency conditions, as defined by the bill, and stabilize patients before releasing them. Failure to do so can result in a penalty of up to $50,000 for both hospitals and physicians. Importantly, malpractice insurance does not usually cover the fine, meaning that physicians who violate EMTALA must pay the fee out of their own pocket .
The Health Insurance Portability and Accounting Act (HIPAA) was passed in 1996. Building off of the foundational belief that patients have a right to keep personal health information private, HIPAA developed a privacy framework for a digital age. With informational tools such as privacy notices and requirements for detailed authorization requests, HIPAA was meant to inform patients about how their data would be shared . Importantly, the act set a federal minimum for the protection of patient data, which individual states could then develop accordingly.
As genetic testing and sequencing developed in the 1990s and early 2000s, it became apparent that legislation to protect patients would need to cover genetic information, as well. In 2008, lawmakers passed the Genetic Information Nondiscrimination Act (GINA), which prohibited health insurers and employers from requiring genetic tests, requesting genetic information from patients, or discriminating based on that information. While some of these restrictions were set in place by HIPAA, they were strengthened and standardized under GINA. A paper by Hudson et al. noted that GINA would likely reduce the “fear factor” associated with genetic information, making it more likely that patients would participate in studies that collect genetic information .
The Health Information Technology for Economic and Clinical Health Act (HITECH), which was signed into law in 2009, was primarily meant to accelerate the adoption of electronic health records (EHR). The law was fairly successful — a study by Adler-Milstein and Jha found that adoption of EHR among eligible hospitals rose from 3.2% before the passage of HITECH to 14.2% after the law was passed . The HITECH Act also allowed patients to access their EHR which, coupled with increased adoption of EHR at medical facilities, made it easier for individuals to share their health data across organizations.
One of the most recent legislative additions to the patient protection framework is the Patient Protection and Affordable Care Act, which became law in 2010. The law extended Medicaid enrollment to around 15 million people with the ultimate goal of ensuring all Americans were covered by health insurance. While healthcare coverage is the best-known part of the law, ACA also included legislation aimed at improving care to underserved populations and making information about the cost of healthcare more transparent . While parts of the policy, like the individual mandate, have since been rolled back, many of the patient protection measures remain in place.
 Mayere Lee, Tiana. “An EMTALA Primer: The Impact of Changes in the Emergency Medicine Landscape on EMTALA Compliance and Enforcement.” Annals of Health Law, vol. 13, no. 1, 2004, pp. 145–178., https://lawecommons.luc.edu/cgi/viewcontent.cgi?article=1231&context=annals.
 Himmelstein, D U, et al. “Patient Transfers: Medical Practice as Social Triage.” American Journal of Public Health, vol. 74, no. 5, 1984, pp. 494–497. doi:10.2105/ajph.74.5.494.
 Zibulewsky, Joseph. “The Emergency Medical Treatment and Active Labor Act (Emtala): What It Is and What It Means for Physicians.” Baylor University Medical Center Proceedings, vol. 14, no. 4, 2001, pp. 339–346. doi:10.1080/08998280.2001.11927785.
 Annas, George J. “HIPAA Regulations — A New Era of Medical-Record Privacy?” The New England Journal of Medicine, vol. 348, no. 15, 10 Apr. 2003, pp. 1486–1490. doi:10.1056/NEJMlim035027.
 Hudson, Kathy L., et al. “Keeping Pace with the Times — The Genetic Information Nondiscrimination Act of 2008.” New England Journal of Medicine, vol. 358, no. 25, 2008, pp. 2661–2663. doi:10.1056/nejmp0803964.
 Adler-Milstein, Julia, and Ashish K. Jha. “HITECH Act Drove Large Gains In Hospital Electronic Health Record Adoption.” Health Affairs, vol. 36, no. 8, 2017, pp. 1416–1422. doi:10.1377/hlthaff.2016.1651.
 Rosenbaum, Sara. “The Patient Protection and Affordable Care Act: Implications for Public Health Policy and Practice.” Public Health Reports, vol. 126, no. 1, 2011, pp. 130–135. doi:10.1177/003335491112600118.