Reflecting on 25 Years of HIPAA

Font Size:

To commemorate the 25th anniversary of HIPAA’s passage, leading scholars explore the law’s impact on privacy and health care.

Font Size:

Twenty-five years ago, on August 21, President Bill Clinton signed the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Celebrated as the first national health privacy law in the United States, HIPAA created a regulatory framework for the protection of many types of health information.

As both health care and technology have evolved at an accelerated pace over the last quarter century, the HIPAA framework has also expanded and evolved in how it seeks to protect the privacy of health information. The HIPAA Privacy Rule, Security Rule, and the Breach Notification Rule were adopted to fill in pieces missing from the original legislation.

Despite these additions, questions remain about HIPAA’s impact and sufficiency in today’s digital age. Is HIPAA’s framework still workable? What new types or sources of health information not currently covered by HIPAA should be considered “protected health information?”

The Regulatory Review developed this series to commemorate HIPAA’s passage by examining its strengths and weaknesses and identifying possible recommendations for future health privacy reform. Contributors to this series are: Anita L. Allen, the Henry R. Silverman Professor of Law and Professor of Philosophy at the University of Pennsylvania Law School; Sharona Hoffman, the Edgar A. Hahn Professor of Law at the Case Western Reserve University School of Law; Mary Anderlik Majumder, a Professor of Medicine at Baylor College of Medicine; Nicolas Terry, the Hall Render Professor of Law at Indiana University’s Robert H. McKinney School of Law; Anya E.R. Prince, an Associate Professor of Law at the University of Iowa College of Law; and Stacey A. Tovino, Professor of Law at University of Oklahoma College of Law.

HIPAA at 25 Remains a Work In Progress 

August 16, 2021 | Anita L. Allen, University of Pennsylvania Law School

HIPAA has delivered meaningful benefits to consumers but still needs updating to address new and emerging privacy challenges.

The Limited Reach of the HIPAA Security Rule

August 17, 2021 | Sharona Hoffman, Case Western Reserve University School of Law

To improve the protection of electronic health information, regulators should consider a comprehensive legal mandate for health data holders.

The HIPAA Right of Access and Data Sharing

August 18, 2021 | Mary Anderlik Majumder, Baylor College of Medicine

New privacy challenges are emerging in light of recent developments to patient right of access policies.

Location Data are Revealing Health Information

August 19, 2021 | Anya E.R. Prince, University of Iowa College of Law

HIPAA does not go far enough to protect health-related information obtained through location data collected by cellphones.

HIPAA’s Strengths and Limitations

August 20, 2021 | Stacey A. Tovino, University of Oklahoma College of Law

HIPAA’s privacy rule exemplifies HIPAA’s strengths and weaknesses.

Chasing Technology for 25 Years

August 21, 2021 | Nicolas Terry, Indiana University Robert H. McKinney School of Law

As more health data are generated outside of traditional health care, HIPAA’s protective impact is shrinking, which places it at a growing disadvantage in a world of digital health.