If you care about patients, you should care about their data.

Whenever I go to a doctor and am asked what I do for a living, I say that I focus on information privacy law.

“HIPAA?” the doctors will ask.

“Yes, HIPAA,” I confess.

And then the doctor’s face turns grim. At first, it looks like the face of a doctor about to tell you that you’ve got a fatal disease. Then, the doctor’s face crinkles up slightly with disgust. This face is so distinctive and so common that I think it should be called “HIPAA face.” It’s about as bad as”stink eye.”

For so many healthcare providers, HIPAA is a source of great aggravation. It’s difficult. It’s boring. It seems to consist of a lot of inconvenient and costly requirements.

I believe that these attitudes about HIPAA are due to a failure to educate healthcare professionals about the reasons why HIPAA matters. HIPAA is not about doing all sorts of needless things for their own sake. It is about protecting patients.

Click here to read the full article.

August 31, 2015 by Daniel Solove, Organizer of the PRIVACY+SECURITY FORUM + Professor, GW Law School