HIPAA Turns 20—Is it Time for it to Move Out?

The Health Insurance Portability and Accountability Act—better (if not more affectionately) known as HIPAA—was signed into effect in 1996, around the time that the World Wide Web was viewed as the wild frontier. In 2016, the internet is now The Establishment, every citizen of the United States has access to health insurance, and electronic data drive everything from who’s “trending” on Instagram to local, regional, and national expectations of the coming flu season. Even firewalls designed to protect individual information can do more harm than good if they inhibit aggregation of population healthcare information. And how much “protection” does HIPAA assure, anyway, with breaches of healthcare information grabbing the headlines far too often? Urgent care operators and other providers have expressed concern that they could ultimately be held liable for unauthorized release of individual health records, even if they have done everything within their power to keep a lid on personal details. There are also concerns among academics that the inaccessibility of data can stifle innovation, leaving untold improvements in clinical care unrealized. It all begs the question: Has HIPAA outlived its usefulness? And if so, do legislators—or presidential candidates, for that matter—have the wherewithal to take action?