Reflecting on 25 Years of HIPAA

To commemorate the 25th anniversary of HIPAA’s passage, leading scholars explore the law’s impact on privacy and health care.

Twenty-five years ago, on August 21, President Bill Clinton signed the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Celebrated as the first national health privacy law in the United States, HIPAA created a regulatory framework for the protection of many types of health information.

As both health care and technology have evolved at an accelerated pace over the last quarter century, the HIPAA framework has also expanded and evolved in how it seeks to protect the privacy of health information. The HIPAA Privacy Rule, Security Rule, and the Breach Notification Rule were adopted to fill in pieces missing from the original legislation.

Despite these additions, questions remain about HIPAA’s impact and sufficiency in today’s digital age. Is HIPAA’s framework still workable? What new types or sources of health information not currently covered by HIPAA should be considered “protected health information”?

The Regulatory Review developed this series to commemorate HIPAA’s passage by examining its strengths and weaknesses and identifying possible recommendations for future health privacy reform. Contributors to this series are: Anita L. Allen, the Henry R. Silverman Professor of Law and Professor of Philosophy at the University of Pennsylvania Law School; Sharona Hoffman, the Edgar A. Hahn Professor of Law at the Case Western Reserve University School of Law; Mary Anderlik Majumder, a Professor of Medicine at Baylor College of Medicine; Nicolas Terry, the Hall Render Professor of Law at Indiana University’s Robert H. McKinney School of Law; Anya E.R. Prince, an Associate Professor of Law at the University of Iowa College of Law; and Stacey A. Tovino, Professor of Law at the University of Oklahoma College of Law.


HIPAA at 25 Remains a Work In Progress 

August 16, 2021 | Anita L. Allen, University of Pennsylvania Law School

HIPAA has delivered meaningful benefits to consumers but still needs updating to address new and emerging privacy challenges.


The Limited Reach of the HIPAA Security Rule

August 17, 2021 | Sharona Hoffman, Case Western Reserve University School of Law

To improve the protection of electronic health information, regulators should consider a comprehensive legal mandate for health data holders.


The HIPAA Right of Access and Data Sharing

August 18, 2021 | Mary Anderlik Majumder, Baylor College of Medicine

New privacy challenges are emerging in light of recent developments to patient right of access policies.


Location Data are Revealing Health Information

August 19, 2021 | Anya E.R. Prince, University of Iowa College of Law

HIPAA does not go far enough to protect health-related information obtained through location data collected by cellphones.


HIPAA’s Strengths and Limitations

August 20, 2021 | Stacey A. Tovino, University of Oklahoma College of Law

HIPAA’s privacy rule exemplifies HIPAA’s strengths and weaknesses.


Chasing Technology for 25 Years

August 21, 2021 | Nicolas Terry, Indiana University Robert H. McKinney School of Law

As more health data are generated outside of traditional health care, HIPAA’s protective impact is shrinking, which places it at a growing disadvantage in a world of digital health.