HIPAA's Privacy Regulations: Increased Privacy Comes at a Cost

Deeb Salem, MD


September 24, 2003

In This Article


The Health Insurance Portability and Accountability Act (HIPAA) was passed into Federal law in 1996, with the deadline for meeting its extensive requirements of privacy regulations effective April 14, 2003.[1] Although the concept that a patient's medical information should remain private has been accepted for many years, the new regulations have introduced a previously unseen level of specificity and complexity to the process of transmitting information between caregivers and healthcare institutions.

It is worth recalling that the driving force behind these regulations was the arrival of the electronic era of archiving and transmitting almost every facet of patient information, and with it, the need to establish stronger protections for the privacy of that information. Recognizing the slow progress that the healthcare industry has made toward the goal of converting all patient records into electronic information, however, the privacy rule applies equally to patients' paper records.

Few would argue against the positive patient-oriented intent of the legislation. What lawmakers and regulators did not anticipate was the mass confusion that has resulted in hospitals and doctor's offices around the country stemming from an incomplete or inaccurate interpretation of the law. Five months after the privacy rule's enactment, major institutions, such as Tufts-New England Medical Center, (where I am Chairman of the Department of Medicine), have experienced interruptions in urgent patient care because of mistakes in how the privacy rules are interpreted.


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.