HIPAA and Protecting Health Information in the 21st Century

In March 2018, the Trump administration announced a new initiative, MyHealthEData, to give patients greater access to their electronic health record and insurance claims information. The Centers for Medicare & Medicaid Services will connect Medicare beneficiaries with their claims data and increase pressure on health plans and health care organizations to use systems that allow patients to access and send their health information where they like. Given these concerns, it is timely to reexamine the adequacy of the Health Insurance Portability and Accountability Act (HIPAA), the nation's most important legal safeguard against unauthorized disclosure and use of health information. HIPAA's Privacy Rule generally requires written patient authorization for disclosure of identifiable health information by covered entities unless a specific exception applies, such as treatment or operations.