From Volume 79, Number 2 (January 2006)
The landmark Health Insurance Portability and Accountability Act (“HIPAA”), which President Bill Clinton signed into law on August 21, 1996, was enacted in response to advances in information technology and their dramatic impact on the health care industry. Until recently, most medical records were paper-based, but technological developments have made it increasingly efficient to collect, retain, transmit, and exchange health care data. Title II of HIPAA includes the Administrative Simplification provisions, which mandate the promulgation and adoption of national standards for electronic transactions, thereby encouraging the use of electronic data systems.
Electronic data transmission has sped the delivery of care and the processing of claims, improved systems for identifying and treating those at risk for disease, facilitated medical research, and helped to detect fraud and abuse. But at the same time, by reducing the logistical obstacles to dissemination that had previously helped to preserve the confidentiality of hard-copy records, shifting from paper-based to electronic information systems has increased the risk that sensitive information may become vulnerable to inappropriate uses and disclosures.
Consequently, with the shift to electronic data management, there has been a concomitant increase in concerns about the confidentiality and privacy of medical information. These concerns have been compounded by changes in the health care delivery system, including the rise in integrated and managed-care networks, which have resulted in more entities maintaining and exchanging information. Increasing numbers of individuals and organizations, including some not even affiliated with physicians or health plans, now have access to medical records