Most people believe the Privacy Rule of the Health Insurance Portability and Accountability Act protects the privacy of health information.
Unfortunately, that is a myth. Just as the P in HIPAA does not stand for privacy, the HIPAA Privacy Rule actually eliminates privacy protection in a way that prevents violations from being detected, monitored or audited.
Before the HIPAA Privacy Rule was adopted in 2002, a long-established legal principle held that individuals had the right to control all access to their health records. As we make the transition to electronic health records, we need to reinstate that important legal right.