Privacy and Health Information Technology

The increased use of health information technology (health IT) is a common element of nearly every health reform proposal because it has the potential to decrease costs, improve health outcomes, coordinate care, and improve public health. However, it raises concerns about security and privacy of medical information. This paper examines some of the "gaps" in privacy protections that arise out of the current federal health privacy standard, the Health Insurance Portability and Accountability (HIPAA) Privacy Rule, which is the main federal law that governs the use and disclosure of health information. Additionally, it puts forth a range of possible solutions, accompanied by arguments for and against each, to strengthen the current legal framework of privacy protections in order to build public trust in health IT and facilitate its use for health reform. The American Recovery and Reinvestment Act (ARRA), enacted in February 2009, includes a number of changes to HIPAA and its regulations, and those changes are clearly noted among the list of solutions.