Conclusions
HIPAA works from the premise that individuals should control their own personal health information. HIPAA has significant exceptions to allow medical care to be provided to the patient without unduly burdensome paperwork requirements. HIPAA also have broad exceptions for research access to records, but these still make certain types of research much more burdensome or impossible to do. As discussed in the Public Health section, there are also significant exceptions to HIPAA for public health investigations.
HIPAA does provide some useful additional protections for patient privacy and it gives patients better control over their medical information. This comes at a significant cost to hospitals and other medical care providers, as well to medical research. Given the numerous exceptions to HIPAA, which privacy advocates argue really allow most of the practices they are concerned about, it is not clear that HIPAA will be worth its cost. Only time can answer that question.