HIPAA works from the premise that individuals should control their own
personal health information. HIPAA has significant exceptions to allow medical
care to be provided to the patient without unduly burdensome paperwork
requirements. HIPAA also have broad exceptions for research access to
records, but these still make certain types of research much more burdensome
or impossible to do. As discussed in the Public Health section, there are also
significant exceptions to HIPAA for public health investigations.
HIPAA does provide some useful additional protections for patient privacy and it
gives patients better control over their medical information. This comes at a
significant cost to hospitals and other medical care providers, as well to medical
research. Given the numerous exceptions to HIPAA, which privacy advocates
argue really allow most of the practices they are concerned about, it is not
clear that HIPAA will be worth its cost. Only time can answer that question.