The HIPAA was implemented more than twenty years ago to improve health information flow. Protecting patient data for the reduction of fraud was another critical purpose. Based on the evidence from the research literature and statistical reports, this paper argues that the HIPAA is not very successful in promoting the safety of patient data.
The first potential drawback of the law concerns its selection of mechanisms and priorities. The federal statute’s “after-the-fact” data safeguarding mechanisms emphasize demanding confidentiality rather than limiting personal data collection (McKinstry, 2018, p. 2). In terms of priority-setting, it is the restriction of personal data collection that characterizes systems that place privacy interests first (McKinstry, 2018). In particular, as opposed to the HIPAA, the GDPR in the European Union gives the patient more opportunities to “control the migration of personal data” (McKinstry, 2018, p. 24). Unlike the GDPR, the HIPAA does not require affirmative consent from data subjects to process specific categories of data.
Additionally, current health data breach statistics suggest that the HIPAA does not address the threat of breaches. For instance, as HIPAA Journal (2020) reports, the number of healthcare data breaches has increased drastically since 2009. In 2015, the number of affected individuals exceeded 100 million, and 2019 became the worst reporting period in terms of the number of data breaches of more than 500 individual records (HIPAA Journal, 2020). This evidence demonstrates that the HIPAA does not promote principles that would make unauthorized access to data nearly impossible.
Finally, there are two reasons to criticize HIPAA rules and their effectiveness. At the theoretical level, the HIPAA differs from statutes in other countries in that it focuses on confidentiality rather than on reducing safety risks by enabling patients to prevent data disclosure. Drastic increases in health data breaches also point to the HIPAA’s flaws.
HIPAA Journal. (2020). Healthcare data breach statistics. Web.
McKinstry, C. J. (2018). The HIPAA privacy rule: Flawed privacy exposed when compared with the European Union’s General Data Protection Regulation. Journal of Health Care Finance, 45(1), 1-32.