Twenty years ago, President Clinton signed the Health Insurance Portability and Accountability Act of 1996 (HIPAA) into law. Over the past two decades, the federal Department of Health and Human Services (HHS) has published several sets of rules implementing the Administrative Simplification provisions within HIPAA as well as the Health Information Technology for Economic and Clinical (HITECH) Act within the American Recovery and Reinvestment Act (ARRA). These rules include, but certainly are not limited to, a final rule published on January 25, 2013, governing the use and disclosure of protected health information by covered entities and their business associates (the Privacy Rule).
Since 2003, I have been teaching one-, two-, and three-credit Privacy Rule classes at law schools across the country. I also have provided continuing education and other training programs on the topic of the Privacy Rule to practicing physicians, dentists, clinical psychologists, social workers, nurses, and other health care professionals, as well as non-lawyer privacy officials and other health industry participants. My goal with this Article is to examine approaches to teaching the Privacy Rule to law and non-law audiences. Through trial and error, I believe I have improved my Privacy Rule teaching since 2003, and I wish to share my pedagogical successes and failures in this Article.
This Article proceeds as follows: Part I summarizes the history of the Privacy Rule, including the many proposed rules, interim final rules, final rules, guidance documents, and resolution agreements published by HHS. Part II reviews the Privacy Rule's theory of and approach to health information confidentiality. Part III discusses my experience teaching the Privacy Rule to both law and non-law audiences.
In part because few judicial opinions interpreting the Privacy Rule are substantively helpful, Part III argues that Privacy Rule teachers may wish to teach fewer cases and focus instead on the principles of health information confidentiality gleaned from the preambles to HHS's rulemakings as well as HHS's guidance documents, resolution agreements, and frequently-asked questions. Part III further suggests that Privacy Rule teachers who train non-law audiences solicit questions in advance and use these questions to illustrate the Privacy Rule's use-and-disclosure requirements, as bird's-eye legal overviews tend to be unhelpful.
61 St. Louis U. L. J. 469 (2017)
Tovino, Stacey A., "Teaching the HIPAA Privacy Rule" (2017). Scholarly Works. 1028.