The Washington Post

A privacy law’s “unintended” but remarkably convenient results

HIPAA is an arguably well-intentioned privacy law that seems to yield nothing but “unintended” consequences. I put “unintended” in quotes because the consequences are often remarkably convenient, at least for those with power. I’m not sure you can call something that convenient “unintended.”

The problem has gotten so bad that even National Public Radio and the Pro Publica organization — hotbeds of bien pensant liberalism — have started to notice. This story, for example, could be mined for a host of Privy nominations for Dubious Achievements in Privacy Law:

In the name of patient privacy, a security guard at a hospital in Springfield, Mo., threatened a mother with jail for trying to take a photograph of her own son.

In the name of patient privacy, a Daytona Beach, Fla., nursing home said it couldn’t cooperate with police investigating allegations of a possible rape against one of its residents.

In the name of patient privacy, the U.S. Department of Veterans Affairs allegedly threatened or retaliated against employees who were trying to blow the whistle on agency wrongdoing.

When the federal Health Insurance Portability and Accountability Act passed in 1996, its laudable provisions included preventing patients’ medical information from being shared without their consent and other important privacy assurances.

But as a litany of recent examples show, HIPAA, as the law is commonly known, is open to misinterpretation — and sometimes provides cover for health institutions that are protecting their own interests, not patients’.

“Sometimes it’s really hard to tell whether people are just genuinely confused or misinformed, or whether they’re intentionally obfuscating,” said Deven McGraw, partner in the healthcare practice of Manatt, Phelps & Phillips and former director of the Health Privacy Project at the Center for Democracy & Technology.

At this point, we’ve seen a boatload of stories in which HIPAA produces stupid or bad results.  The real question is whether there are any stories in which HIPAA has produced unequivocally good results — things that wouldn’t have happened without the law.  Otherwise, we’re looking at a law passed to prevent nonexistent abuses that has become a source of abuse itself.  In my view, that’s a recipe for repeal — and pretty much the story of most privacy law.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments

Sign up for email updates from the "Confronting the Caliphate" series.

You have signed up for the "Confronting the Caliphate" series.

Thank you for signing up
You'll receive e-mail when new stories are published in this series.
Most Read



Success! Check your inbox for details.

See all newsletters

Next Story
Orin Kerr · July 25, 2014

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.