Does Overregulation Lead to Diminished Healthcare Outcomes?

With all of the political hoopla surrounding the American healthcare delivery system these days, it’s worth reminding ourselves that there is one federal law we’ve all been living with for much longer than the Affordable Care Act.

It doesn’t seem like it was that long ago, but in fact the Health Insurance Portability and Accountability Act – commonly known as HIPAA – celebrated its twentieth anniversary in 2016. Signed into law by then-President Clinton in 1996, HIPAA was enacted to provide patients – and healthcare providers – with a framework for securing, managing, and sharing sensitive personal information about our health and medical conditions. The idea was to give patients some peace of mind that their medical histories wouldn’t be used for a purpose other than delivering healthcare; at least without the patient’s permission.


Since 1996, however, the states have gotten in on the patient privacy regulation game and a number of them have adopted their own regulatory schemes. That’s not an unusual response by the states to a new area of federal law. California, for example, has long had state-mandated automobile emissions standards that exceed those set down by federal regulators.

But when It comes to patient privacy, many of the states have adopted regulatory frameworks that amount to a trap for the unwary. The bottom line is that even if your healthcare company complies with HIPAA, you may still need to adopt a second (or third, or fourth, of forty-ninth!) regulatory compliance overlay that addresses the nuances of these state privacy laws too. The questions we should ask ourselves as prospective (or actual) patients are (1) whether the federally-mandated privacy regulations are adequate, and (2) if so, whether the various state privacy schemes are limiting our access to the best possible healthcare outcomes by acting as a barrier to innovation through data portability.

Stephanie Baum, writing for MedCity News recently interviewed Washington D.C. healthcare privacy lawyer Ann Waldo about the added burdens of complying with state medical privacy laws. Waldo described the overlay of state privacy laws as a “hidden tax on healthcare” and noted that, “There are definitely ways we could pre-empt these medical privacy laws that would make it better for innovation and better for patients and better for providers.”


Very few people today would argue the need for some common-sense regulation of personal health information. And a federal regulatory approach seems to best fit the digital world in which our innovative and life-saving medical care is more and more frequently delivered across state lines.  But are their reasonable limits to that regulation? Is healthcare innovation otherwise at risk? Should we allow HIPAA to serve its purpose and limit (or eliminate) state regulations as barriers to innovation?

This debate will no doubt continue. Let us know what you think.