HIPAA – The Intent vs. The Reality

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) began as a “portability act” to help individuals keep their health insurance coverage as they moved from one job to another. HIPAA evolved to include much more than portability. It is a complex set of rules that cover patient privacy and the use of information technology to transfer your medical records.

Lawmakers began nearly a decade ago to try and blend the ancient ethical tradition of patient privacy with the health information technology advances that can save lives and reduce costs. Congress intended for the HIPAA Privacy Rule to bring the healthcare industry into the 21st century while saving citizens billions of dollars.

Effective April 14, 2003, patients were required to sign new “Privacy Forms” that gave the illusion that their records were, well, private.

The Elimination of Consent
1996 Congress passed HIPAA, but did not pass a federal medical privacy statute, so the Dept. of Health and Human Services (HSS) was required to develop regulations that specified patients’ rights to health privacy. “…the Secretary of Health and Human Services shall submit to [Congress]… detailed recommendations on standards with respect to the privacy of individually identifiable health information.”
2001 President Bush implemented the HHS HIPAA “Privacy Rule” which recognized the “right of consent”. “…a covered healthcare provider must obtain the individual’s consent, in accordance with this section, prior to using or disclosing protected health information to carry out treatment, payment or health care operations.”
2002 HHS amended the HIPAA “Privacy Rule”, eliminating the “right of consent”. “The consent provisions… are replaced with a new provision…that provides regulatory permission for covered entities to use and disclose protected health information for treatment, payment, or health care operations.”

Download the Elimination of Consent as a PDF file.

HIPAA – The Reality

The “Privacy Rule” Became the “Disclosure Rule”

HIPAA produced absurd results because patients were no longer asked what medical information they wanted shared and what information they wanted to be kept private. Barriers were created that patients didn’t want, and access was granted to private corporations, individuals and government agencies that patients would never have agreed to.

Even more damaging, the amendments to the “Privacy Rule” opened the nation’s sensitive health records to millions of providers, employers, government agencies, insurance companies, billing firms, transcription services, phamacy benefit managers, pharmaceutical companies, data miners, creditors and more for any “routine” use.

  • You will not receive any notice of “routine” use and disclosure of your health information.
  • There are no audit trails of “routine” uses and disclosures
  • Access to you health record is retroactive, regardless of whether you paid out-of-pocket or were guaranteed privacy at the time. This means your health records from birth to death are available to others.


Visit our legislation page to see current bills that may or may not protect our privacy