Is HIPAA Privacy Rule a failure in protecting Patient Privacy?

Institute of Medicine has released a new report on its findings that the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule not only fails to adequately protect the privacy of people’s personal health information but it also hinders important health research discoveries. HIPAA act regulates what uses and disclosures of personally identifiable health information are permitted by health plans, health care
providers, and other entities covered by the regulation.

The report clarifies that the current HIPAA rule is difficult to reconcile with other federal regulations governing research involving people and their personally identifiable information. Based on this report the Institute recommends that Congress should authorize the development of an entirely new approach, separate from the current HIPAA Privacy Rule that would help protect personal health information in research. This new approach should apply privacy, data security, and accountability standards uniformly to information used in all health-related research regardless of who funds or conducts the research.

Again the committee has also stated recommendations in case the policymakers decide to continue relying on the current rule to protect privacy in health research. It recommends a
series of changes to improve the rule and the guidance that the US Department of Health and Human Services (HHS) gives on how to comply with it. In addition, the report urges all institutions conducting health research to strengthen their data protection, including encryption for all laptops, flash drives, and other portable media containing such data.