This blog post is a writing assignment for HIMT 1200: Legal Aspects of Healthcare, part of the Health Information Management Technology (HI13) Associate of Applied Science Degree program at Georgia Northwestern Technical College.


HIPAA originated around the same time as the Internet. Over the following 20 years, the Internet and technology changed drastically. Electronic health records, telehealth, mobile devices, and trackers like FitBit have spread throughout healthcare and the general public and have outpaced privacy regulations. Many healthcare providers believe HIPAA is outdated and should be updated or replaced despite the changes made with HITECH and the Omnibus Rule in 2009 and 2013 (Butler, 2017). Technology and innovation will continue, and blockchain technology will likely override current technology (Alder, 2017). Laws and regulations must also continue to change to keep up with technology or become obsolete.

TCP/IP technology is the current communication protocol for the Internet. Therefore, it is the foundation for electronic health records and their transmittal. This technology is also currently used for e-mail and smartphones. Cybersecurity and malware are escalating problems, and the ability to combat cybercriminals is insufficient with TCP/IP technology (Hammaker, 2020, pp. 390-91). HIPAA currently mandates that all covered entities establish safeguards to ensure the security of protected health information (PHI). Still, it does not regulate how or with what security methods they accomplish this (Alder, 2017). For these reasons, HIPAA should not mandate that health care providers and entities use TCP/IP technology to keep PHI safe. Such regulation will lead to lower security than the future use of blockchain technology and will hinder the progress of privacy and security. New laws should be established for improved future technology as the industry continues to change and adapt, but these regulations should not limit innovation (Hammaker, 2020, p. 393).

Healthcare professionals currently debate whether HIPAA should be updated further or replaced (Butler, 2017). Doubt also exists about whether blockchain technology is HIPAA compliant. One example of concern is that HIPAA bans using mathematically derived encryption of PHI. The reason for this ban is that encrypted data can possibly be re-identified. This specific regulation could prevent using blockchain technology in healthcare due to non-compliance with HIPAA (Miliard, 2018). HIPAA could continue to play a role when electronic records are switched to blockchain platforms, but the already outdated laws would need further updating for HIPAA to remain relevant. Otherwise, the best option is to create new laws to replace HIPAA that do not hinder blockchain or other innovations that could establish a more secure health information environment.



Alder, S. (2017, Sep. 26). The Benefits of Using Blockchain for Medical Records. HIPAA Journal.

Butler, M. (2017, April). Is HIPAA Outdated? While Coverage Gaps and Growing Breaches Raise Industry Concern, Others Argue HIPAA is Still Effective. AHIMA HIM Body of Knowledge.

Hammaker, D. K. (2020). Health Records and the Law (5th ed.). Burlington, MA: Jones & Bartlett Learning.

Miliard, M. (2018, Dec. 11). As blockchain proves its worth for healthcare, regulatory questions remain. Healthcare IT News.


Assignment 15.1 - Amy Haisten

