The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (Public Law 104-191) provides for the protection of an individual's health information, which includes medical records and other identifying health-related documentation. It protects all "individually identifiable health information" held or transmitted in any form, including electronic, paper and verbal, by a covered entity. See 45 C.F.R. Section 160.103. A goal of HIPAA's standards and rules is to allow the flow of health information necessary to provide high-quality health care, while at the same time protecting an individual's privacy. For example, a patient may want her treating providers to exchange information related to her treatment to ensure the best care possible but will also not want other people to have access to it.

The need for access to someone's health information arises in the field of medical malpractice litigation. Typically, the parties to such a litigation would have access to the alleged injured party's health records by authorizations provided by said party or the party's representative. However, sometimes the health information of a nonparty becomes relevant to the matter, particularly if such information is needed to support arguments in favor of or against liability. For example, to prove that a physician at a psychiatric hospital failed to properly assess a particular nonparty patient, thereby permitting an environment in which said patient was able to assault another patient (now the plaintiff), the plaintiff patient would need access to the nonparty patient's records to show that the physician deviated from the standard of care in his assessment.