HIPAA has become an all-purpose excuse against automating medicine.
In practice HIPAA protects no one. The first thing every patient must do on arriving at any doctor's office today is sign away their rights under the law. No one wants to be sued over a paperwork issue.
HIPAA has also destroyed the competitiveness of small practices. Because it had a loophole making small practices immune from its controls, hundreds of thousands of doctors have simply refused to switch from paper records.
Conservatives will say "I told you so" and call for scrapping HIPAA. That's an ideological argument, however, which assumes the flaws in the law can't be fixed and lawlessness is preferable.
Instead, each time a doctor or hospital you've given data to wants to share it, you must be notified. This can and should be done electronically. Those who've resisted EHR because of HIPAA will now have an incentive to convert.
Beyond this we need audit trails, and standards covering the handling, the format, and the transmittal of EHR data. If anything should provide safe harbor, it should be standards for which we can track compliance.
But what do you think? Should we mend HIPAA, end HIPAA, or leave things as they are?