Harms Addressed by the HIPAA Privacy Regulations
One of the most intriguing elements of the privacy regulations issued under the Health
Insurance Portability and Accountability Act is the harms that the regulations are intended to
address. In the "preamble" to the regulations — the section that describes their basis
and purpose — a surprisingly small number of actual harms to privacy are recited. Many
of those that are discussed would not be prevented by the regulations.
Several of the privacy breaches resulted from stupidity, mistakes, or
violations of existing law or rules. For example, the regulation cites:
- The accidental posting of medical records on the Internet by a
Michigan-based health system;
- Theft and misuse of HIV records by an employee of the Tampa, Florida
health department (who was subsequently fired);
- An incident where health insurance claims forms blew out of a truck; and
- Prescription records being found on the hard drive of a used computer.
Unfortunately, stupidity and mistakes cannot be prevented by regulation. More likely,
complex regulations like the HIPAA privacy rules will magnify stupidity and increase mistakes.
The preamble does cite many polls and studies where consumers stated their concerns
about privacy, which is indeed important. If the Department of Health
and Human Services cannot identify concrete harms to privacy that the regulation
would prevent, however, there is some question whether the regulations will do
anything to assuage public concern. The HIPAA regulations may increase regulation
and health care costs without materially improving either actual privacy protection or