HIPAA, year One

I got a nice email from a blogger yesterday, and found out that not only is he a Texan, he lives in Dallas, the lesser-known of our twin cities here in North Texas.

He’s an attorney, and his blog focus is HIPAA. He’s posted a nice summary of the GAO’s report on the first year of the implementation of HIPAA, and here’s his editorial opinion following his reporting: HIPAA Blog

Personally, I think this is because the medical community has always been quite good at keeping private what is supposed to stay private. HIPAA was, in large part, drafted to fix a problem that existed primarily in the minds of the paranoid and over-reactionary. Were evil drug companies and marketing firms using personal medical information for nefarious (or at least profit-driven) purposes? Sure, it happened occasionally. But the vast, vast majority (well over the Ivory Soap threshold of 99.44%) of individuals and entities that had access to personal medical information maintained the privacy and confidentiality of that information at least as well as HIPAA now mandates. It’s easy to fix a problem if it doesn’t really exist in the first place.

That’s what I’ve been saying, but not as well. His will be a frequently read site of mine.