Updating HIPAA for the electronic medical record era.

With advances in technology, patients increasingly expect to access their health information on their phones and computers seamlessly, whenever needed, to meet their clinical needs. The 1996 passage of the Health Insurance Portability and Accountability Act (HIPAA), modifications made by the Health Information Technology for Economic and Clinical Health Act (HITECH), and the recent 21st Century Cures Act (Cures) promise to make patients' health information available to them without special effort and at no cost. However, inconsistencies among these policies' definitions of what is included in "health information", widespread variation in electronic health record system capabilities, and differences in local health system policies around health data release have created a confusing landscape for patients, health care providers, and third parties who reuse health information. In this article, we present relevant regulatory history, describe challenges to health data portability and fluidity, and present the authors' policy recommendations for lawmakers to consider so that the vision of HIPAA, HITECH, and Cures may be fulfilled.