The Health Insurance Portability and Accountability Act of 1996 was established to protect the sensitive health information from public exposure, to oversee electronic health records, and to ensure that patient safety is not compromised (HHS, 2013). Upon its inception, organizations were required to comply with new requirements for the collection and protection of health information in a manner consistent with HIPAA, and general, the Act has been successful in providing these protections. There have been a number of successful examples, but also a number of failures in providing a secure electronic environment to keep sensitive health information as private as possible.
Although HIPAA has demonstrated a commitment to secure health records and data, it has not necessarily fulfilled its promise to date. Many organizations have struggled with the premise that patients now have freer access to their own health records, often in environments with less than ideal security (Fox, 2012). Under these conditions, it is also possible for organizations to use data with specific identifiers more openly to accomplish their desired objectives, perhaps for research and validity purposes (Fox, 2012). Many questions have been raised regarding the effectiveness of HIPAA in achieving its original intent and purpose, while also attempting to secure the data of millions of patients across the United States (Fox, 2012). Therefore, it is necessary to reevaluate HIPAA in the context of its successes and failures to determine where modifications are necessary.
HIPAA has been successful in some ways, while less than desirable in others. It is necessary for health care organizations to continue to comply with this regulation as best as possible; however, the federal government must also examine its weaknesses in order to determine how to make improvements to protect patient data for the foreseeable future so that sensitive information is not compromised.
Fox, S. (2012). HIPAA’s broken promises. The Health Care Blog, retrieved from http://thehealthcareblog.com/blog/2009/09/27/hipaas-broken-promises/
U.S. Department of Health & Human Services (2013). Health Information Privacy. Retrieved from http://www.hhs.gov/ocr/privacy/