To commemorate the 25th anniversary of HIPAA’s passage, leading scholars explore the law’s impact on privacy and health care.
Twenty-five years ago, on August 21, President Bill Clinton signed the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Celebrated as the first national health privacy law in the United States, HIPAA created a regulatory framework for the protection of many types of health information.
As both health care and technology have evolved at an accelerated pace over the last quarter century, the HIPAA framework has also expanded and evolved in how it seeks to protect the privacy of health information. The HIPAA Privacy Rule, Security Rule, and the Breach Notification Rule were adopted to fill in pieces missing from the original legislation.
Despite these additions, questions remain about HIPAA’s impact and sufficiency in today’s digital age. Is HIPAA’s framework still workable? What new types or sources of health information not currently covered by HIPAA should be considered “protected health information?”
The Regulatory Review developed this series to commemorate HIPAA’s passage by examining its strengths and weaknesses and identifying possible recommendations for future health privacy reform. Contributors to this series are: Anita L. Allen, the Henry R. Silverman Professor of Law and Professor of Philosophy at the University of Pennsylvania Law School; Sharona Hoffman, the Edgar A. Hahn Professor of Law at the Case Western Reserve University School of Law; Mary Anderlik Majumder, a Professor of Medicine at Baylor College of Medicine; Nicolas Terry, the Hall Render Professor of Law at Indiana University’s Robert H. McKinney School of Law; Anya E.R. Prince, an Associate Professor of Law at the University of Iowa College of Law; and Stacey A. Tovino, Professor of Law at University of Oklahoma College of Law.
HIPAA at 25 Remains a Work In Progress
August 16, 2021 | Anita L. Allen, University of Pennsylvania Law School
HIPAA has delivered meaningful benefits to consumers but still needs updating to address new and emerging privacy challenges.
The Limited Reach of the HIPAA Security Rule
August 17, 2021 | Sharona Hoffman, Case Western Reserve University School of Law
To improve the protection of electronic health information, regulators should consider a comprehensive legal mandate for health data holders.
The HIPAA Right of Access and Data Sharing
August 18, 2021 | Mary Anderlik Majumder, Baylor College of Medicine
New privacy challenges are emerging in light of recent developments to patient right of access policies.
Location Data are Revealing Health Information
August 19, 2021 | Anya E.R. Prince, University of Iowa College of Law
HIPAA does not go far enough to protect health-related information obtained through location data collected by cellphones.
HIPAA’s Strengths and Limitations
August 20, 2021 | Stacey A. Tovino, University of Oklahoma College of Law
HIPAA’s privacy rule exemplifies HIPAA’s strengths and weaknesses.
Chasing Technology for 25 Years
August 21, 2021 | Nicolas Terry, Indiana University Robert H. McKinney School of Law
As more health data are generated outside of traditional health care, HIPAA’s protective impact is shrinking, which places it at a growing disadvantage in a world of digital health.
