Past Releases and Reports
About Privacilla
Privacy Fundamentals
Privacy and Government
Privacy and Business
Online Privacy
Financial Privacy
Medical Privacy
E-mail Privacilla the rules of the game according to you!
Your Source for Privacy Policy from a Free-market, Pro-technology Perspective

Click to return to the Medical Privacy outline

Home > Privacy and Business > Medical Privacy > Select Laws and Regulations > HIPAA Privacy Regulations > Where the HIPAA Privacy Regulations Came From > Political Gamesmanship and the HIPAA Privacy Regulations

Political Gamesmanship and the HIPAA Privacy Regulations

The story of the HIPAA privacy regulations is one of the best illustrations of how crass and political federal policymaking can get. There are many reasons to lack confidence in the regulations because of the way they were formulated.

Congress enacted the HIPAA law, punting on its responsibility to make federal privacy policy, in August 1996. At this time, the 1996 presidential election was looming. The HIPAA law called for privacy recommendations to come exactly twelve months later, from a Department of Health and Human Services controlled by the election's winner. The next President could veto any legislation, ensuring that the regulations would come from an HHS he controlled, rather than from Congress. So, instead of seeking an educated consensus, Republican and Democratic leaders put federal privacy policy down as a bet on the election race between Bill Clinton and Bob Dole. Democrats won the bet.

One of the terms of that bet was that the Department of Health and Human Services would issue privacy regulations (if Congress failed to act) "not later than" 42 months after HIPAA was enacted. Accordingly, regulations would have been issued in December 1999, less than a year before the presidential election of 2000. This timing is important, because the party that won the original HIPAA bet would still have to answer to voters in the 2000 election, an important restraint on what would come out of the process.

The Clinton Administration's HHS welshed on this part of the bet, and did not issue the HIPAA privacy regulations until December 2000 just after the election contest between George W. Bush and Al Gore. This allowed the Clinton Administration to issue privacy regulations that did not create a political risk for the Democratic party's candidate.

Though one can never know whether it changed the substance of the regulation, this timing sheltered the Administration and the political party responsible for the regulations from accountability no small irony given that this was a product of the Health Insurance Portability and Accountability Act.

This does not make heroes of Republicans. Both parties deserve substantial blame for their gamesmanship with federal privacy policy. Federal law should be the result of consensus among elected representatives in Congress, and the approval of the President. The HIPAA privacy regulations have none of these elements.


Comments? (Subject: HIPAAPolitics)

[updated 04/18/02]

©2000-2003 All content subject to the Privacilla Public License.