Proceeding from the proposition that privacy is a fundamental right, this essay notes the importance of maintaining medical records privacy in light of the increased use of technology. It describes the Privacy Rule promulgated under HIPAA, which was intended to strengthen medical records privacy, but notes the restriction of privacy rights following September 11, 2001 ("9/11"). In light of circumscribed privacy rights, the Privacy Rules becomes much more important in protecting medical records privacy. Unfortunately, the Rule falls short of this goal by potentially running afoul of the First and Fourth Amendments. It also fails to provide adequate medical records protection because it: (1) relies on an out of date technology model; (2) provides too many exceptions to its own consensual disclosure provisions; (3) lacks specificity in defining the entities it covers; (4) fails to resolve important federalism issue; and (5) caters to corporate interests. These problems can be corrected by bolstering computer security, changing the text of the rule to anchor a patient's "reasonable expectation of privacy," and offering the judiciary an avenue to continue to expand privacy rights despite the nation's post-9/11 fears.
Note, A Tripartite Threat to Medical Records Privacy: Technology, HIPAA's Privacy Rule and the USA Patriot Act, 17 J.L. & Health 271 (2002-2003)