Wednesday, April 1, 2009


HIPAA Privacy Rule Fails to Adequately Protect Patient Privacy and Hampers Health Research

A new report from the Institute of Medicine finds that the Health
Insurance Portability and Accountability Act (HIPAA) Privacy Rule
—which regulates what uses and disclosures of personally identifiable
health information are permitted by health plans, health care
providers, and other entities covered by the regulation—does not
adequately protect the privacy of people’s personal health information
and hinders important health research discoveries. The
report notes that the current HIPAA rule is difficult to reconcile
with other federal regulations governing research involving people
and their personally identifiable information, and recommends
that Congress authorize the development of an entirely new
approach, separate from the current HIPAA Privacy Rule, to protecting
personal health information in research. This new approach
should apply privacy, data security, and accountability standards
uniformly to information used in all health-related research regardless
of who funds or conducts the research, the report says.

If policymakers decide to continue relying on the current rule to
protect privacy in health research, the committee recommends a
series of changes to improve the rule and the guidance that the
US Department of Health and Human Services (HHS) gives on
how to comply with it. In addition, the report urges all institutions
conducting health research to strengthen their data protection,
including encryption for all laptops, flash drives, and other
portable media containing such data.


  1. It does not protect you. It allows your doctor to release your records. Take it from someone that was violated.

  2. Dear Anonymous,

    Thank you for your comment. You are correct in saying that HIPAA does not protect the privacy of individuals’ medical records. There was an excellent article published a few years ago that indicated that there have been hundreds of thousands of HIPAA complaints filed against alleged perpetrators to the federal government. Unfortunately, HIPAA is such a weak law that out of hundreds of thousands of complaints, the government only prosecuted two cases. And the two that were prosecuted led to minimal fines.

    You are not the only person who has experienced lack of privacy regarding medical records. People do not realize the lack of protection HIPAA offers until the time that they need it most. And when they do, they then realize how dangerously weak it is.

    HIPAA is a sham in pretending to offer protections for individuals’ medical privacy rights. We need new medical privacy laws enacted, especially since it is obvious that in the near future all our medical records will be maintained on a computer system, making our medical records less secure and more easily accessed by others.