Download Full Text (355 KB)


The Health Insurance Portability and Accountability Act (HIPAA), enacted by the US Congress 1996, laudably protects medical privacy in healthcare settings. However, this federal law has created a culture of fear that limits current efforts to address the COVID-19 pandemic. Healthcare providers, who are covered by HIPAA, may be reluctant to disclose information about outbreak clusters for fear of violating the law. Healthcare organizations, who are also covered by the law, still rely on fax machines to avoid violating HIPAA’s data security requirements. And the scrupulous rule-following in healthcare has given independent life to a HIPAA boogeyman. Thus, officials who are not covered by the law (e.g. schools) withhold or deter the release of valuable information—even when HIPAA does not apply to them. The Executive has taken some action to relax HIPAA in these unprecedented times and should take further action, along with Congress, to balance privacy rights with the need for greater transparency in the fight against COVID-19.

Publication Date


Document Type



COVID-19, COVID, coronavirus, HIPAA, fax, contact tracing, privacy, data security, HHS, FERPA, education, pandemic, sharing, data, information



HIPAA-Phobia Hampers Efforts To Track And Contain COVID-19

Included in

Law Commons