The HIPAA hoax: Exposing America’s medical privacy betrayal 

Since HIPAA took effect in April 2003, Americans have maintained a false sense of security regarding their medical privacy.  

Since HIPAA took effect in April 2003, Americans have maintained a false sense of security regarding their medical privacy. (Shutterstock)

Americans have been swindled.

For more than two decades, patients in exam rooms and hospitals throughout the country have clung to the notion that their medical records are safeguarded by the “ironclad protections” of the Health Insurance Portability and Accountability Act (HIPAA).

Yet, behind this security facade lies a disturbing reality: HIPAA is a tool crafted to erode our right to privacy under the sneaky guise of protection.

The sleight of hand begins with the name itself. The “Privacy Rule” embedded within HIPAA suggests a robust shield against unauthorized access to sensitive medical information. However, closer examination reveals that HIPAA was never designed with patient privacy in mind. Rather, it serves the interests of those who view patient data as a lucrative commodity, ripe for exploitation.

The Department of Health and Human Services (HHS), entrusted with enforcing HIPAA, openly acknowledges the legislation’s role in facilitating the flow of electronic health data for various purposes. This admission reveals the true intent behind HIPAA: greasing the wheels of data exchange and prioritizing convenience over confidentiality.

Under the guise of HIPAA, those holding patient data wield alarming discretion in determining how this information is used. Long gone are the days when sharing patient data without consent was considered a legal and ethical breach. Instead, HIPAA opens the floodgates to the use of patient data for 12 nebulous “national priority purposes” and hazy “health care operations” — a term so convoluted that its definition is nearly 400 words long.

Under HIPAA, Americans’ personal medical information can be accessed by a whopping 2.2 million entities, including insurance companies, websites, researchers, and government agencies — if those who hold the data choose to share it.

The consequences of this deception are profound. Since HIPAA took effect in April 2003, Americans have maintained a false sense of security regarding their medical privacy.

This betrayal of trust cannot go unchallenged.

The public must be made aware of the truth about HIPAA. We must reclaim our privacy in the exam room, asserting our rights to determine what information is shared and with whom. Furthermore, we must mobilize at the state level to enact stronger privacy laws that supersede the inadequate protections offered by HIPAA.

State legislatures hold the key to safeguarding the privacy and dignity of every American. By strategically using state preemption, we can shield citizens from the tentacles of HIPAA and ensure that our most intimate medical details remain just that — intimate.

The time has come to strip away the lies and confront the harsh reality of HIPAA. Only then can we begin to rebuild a health care system founded on trust, respect, and genuine concern for the well-being of every patient. It is time to reclaim our privacy and expose the deliberate deception of HIPAA, once and for all.

Citizens’ Council for Health Freedom (CCHF) aimed to debunk the HIPAA hoax throughout April by exposing it as a rule that permits extensive data sharing. CCHF’s Truth About HIPAA Campaign featured newly commissioned cartoon artwork, which was released each Tuesday this month on our website and on our Facebook,  Instagram, and Twitter accounts.

To learn more about the Truth About HIPAA Campaign and all of CCHF’s health freedom initiatives, visit


Kristin Matheny

Kristin Matheny is a communications specialist for Citizens' Council for Health Freedom.