Pros and cons of HIPAA: key benefits and hidden drawbacks

Last Update Date: September 11, 2025

Summarize with:

If you’re a healthcare provider or insurer, you already know how important the Health Insurance Portability and Accountability Act, better known as HIPAA, is in the industry. It’s the standard law for protecting the privacy and security of an individual’s protected health information (PHI). PHI refers to data that can identify a patient and relates to their health status, healthcare provision, or payments for healthcare services.

It was August 21, 1996, when the US Congress enacted HIPAA and President Bill Clinton signed the bill. Originally, the goal was to solve the problem of “job lock,” where individuals felt compelled to stay in a job simply to keep their health insurance coverage.

Over time, HIPAA evolved into a regulatory framework. Today, it standardizes the electronic transmission of health information, safeguards patient privacy, and promotes security measures. Not only that, but it also improves the portability and accountability of health insurance coverage.

For anyone managing PHI, understanding the pros and cons of HIPAA is key. In this post, we’ll dig into what exactly HIPAA is, exploring where it benefits patients and where it can cause challenges for healthcare providers.

Advantages of HIPAA

Many healthcare organizations recognize the benefits of HIPAA compliance not just for themselves but also for their patients. Yet many also fail to understand the “why” and “how” behind it. Here are some key HIPAA advantages:

Enhances patient privacy: HIPAA protects patients’ sensitive health information from unauthorized access. It requires healthcare providers to limit PHI access to only those who need it to deliver care. This builds trust between patients and healthcare professionals, making patients feel more at ease when sharing their personal information for diagnosis or treatment.
Strengthens data security: HIPAA has detailed security requirements such as encryption of electronic records, secure login protocols, and audit trails that monitor access to PHI. Today, many platforms like Jotform come with encrypted HIPAA-friendly form builders, which protect data during transmission and storage, ensuring confidentiality even in a digital environment.
Standardizes data handling: Before HIPAA, health data transactions were inconsistent and varied widely. HIPAA’s administrative system created uniform code sets and identifiers, which streamline billing and record sharing. This reduces errors and improves processing speed across healthcare systems.
Ensures legal accountability: HIPAA holds covered entities and business associates legally responsible for protecting PHI. In case of any breach or issue of noncompliance, organizations face steep penalties. This accountability forces healthcare entities to take privacy seriously and invest more in security measures.
Supports patient rights: HIPAA empowers patients by granting them rights such as the ability to review their health records, request corrections, and receive notifications in case of data breaches. This transparency helps patients stay informed and in control of their own health data.
Reduces fraud and abuse: HIPAA’s security and privacy rules help prevent various types of healthcare fraud. For instance, secure authentication measures prevent unauthorized users from fraudulently accessing benefits or submitting false claims. This, as a result, eliminates the risk for identity theft and billing fraud.
Facilitates secure information sharing: HIPAA ensures that PHI is shared between providers and authorized parties like insurance companies without any leaks. Jotform’s HIPAA compliance features support secure form submissions and data sharing, allowing you to collaborate efficiently.
Supports digital health innovations: Today’s healthcare system relies on digital tools. HIPAA provides a helpful framework that tech companies use to build HIPAA-friendly apps. These tools help healthcare organizations meet regulatory demands.
Improves interoperability (to an extent): While HIPAA doesn’t guarantee full system interoperability, it promotes standards like the use of National Provider Identifiers (NPIs) and standardized transaction formats. This helps different healthcare IT systems communicate more effectively.
Boosts patient confidence: Patients who know their health information is protected are more likely to be open about sensitive issues. This honesty empowers healthcare providers to make better diagnoses and treatment plans.
Promotes workforce training: HIPAA mandates ongoing training programs to educate staff on data privacy and security. Regular training helps reduce human errors, which in turn can reduce data breaches.
Creates a regulatory framework for business associates: HIPAA requires third-party vendors who handle PHI, such as billing companies or cloud providers, to implement proper safeguards. This extends the protection network beyond direct healthcare providers.

Disadvantages of HIPAA

While HIPAA has many advantages, especially for patients, it also comes with a set of disadvantages for healthcare organizations. These challenges make understanding the pros and cons of HIPAA even more important.

Here are some key disadvantages from HIPAA that healthcare providers must manage:

Involves high administrative costs: Proper HIPAA compliance requires healthcare organizations to invest in new technologies and a more skilled workforce. They have to onboard compliance officers and conduct regular risk assessments and audits. These small yet critical changes may come with high costs, forcing organizations to divert resources from patient care to compliance.
Requires a complex regulatory environment: HIPAA regulations are extensive and sometimes difficult to interpret. This complexity requires dedicated legal and compliance expertise to ensure full adherence, which can overwhelm smaller organizations.
Slows workflow: The need to verify a patient’s HIPAA consent, restrict data sharing, and follow strict access controls can add more to administrative workflows. This slows down processes like referrals or information exchange, which is extra critical in emergencies.
Leaves less coverage for emerging technologies: HIPAA primarily regulates covered entities and their business associates, which often excludes consumer health apps, fitness trackers, and other wellness devices. This creates gaps where sensitive health data on popular platforms may lack proper protections.
Involves innovation barriers: Strict compliance requirements may prevent startups or developers from rapidly deploying new healthcare technologies. The constant fear of violating HIPAA rules may slow down progress in digital health innovation.
Creates a burden on small practices: Smaller healthcare providers often lack the personnel or financial resources to fully implement and maintain HIPAA compliance programs. This can cause operational strain or even lead to unintentional violations.
Restricts information sharing: HIPAA sometimes restricts the sharing of patient information, even when it might be beneficial for care coordination. This can result in fragmented care or delays if proper authorizations are not quickly obtained.
Requires heavy documentation requirements: HIPAA mandates documenting policies, training sessions, risk analyses, and incidents. These requirements can add considerable paperwork and administrative overhead for staff.
Necessitates ongoing training demands: As HIPAA rules and technologies evolve, organizations must continually update their staff training programs, which can create ongoing time and cost commitments.
Lacks absolute data protection: Despite safeguards, healthcare organizations remain targets for cyberattacks. For example, ransomware and phishing attempts continue to compromise PHI. While HIPAA does reduce the risks, it does not completely eliminate them.
Creates patient dissatisfaction: Patients may feel frustrated by HIPAA’s restrictions if they experience delays in accessing their own data. Some patients can also feel that care providers are being overly cautious in sharing information.
Allows conflicts with other laws: Healthcare organizations often struggle to navigate conflicts between HIPAA and state privacy laws or emerging regulations like GDPR. This creates complications, especially in multi-jurisdictional contexts.

As a healthcare administrator or compliance officer, you must weigh the various pros and cons of HIPAA to make informed compliance decisions.

What HIPAA doesn’t do

HIPAA provides necessary protection to patients and healthcare organizations, but there are some aspects of health data security that it doesn’t cover. The following are a few HIPAA limitations:

No “recalling” shared data

Once PHI has been shared according to HIPAA rules, there is no mechanism within HIPAA to retract or “unsend” that information.

For example, suppose a patient’s medical records are securely transmitted to a specialist or insurer. In that case, the sender cannot later demand the deletion or return of that data from the recipient’s system. This means healthcare providers must carefully consider when and how PHI is shared to avoid unintended consequences.

No universal interoperability

HIPAA establishes standards for certain aspects of electronic transactions, but it doesn’t guarantee full interoperability of healthcare information systems. In practice, this means different electronic health record (EHR) platforms may still struggle to seamlessly exchange data due to variations in software, data formats, or technical infrastructure.

This lack of universal interoperability can create barriers to efficient data sharing and comprehensive patient care coordination.

Limited protection scope: Covered entities and business associates only

HIPAA’s protections only apply to covered entities, which includes healthcare providers, health plan companies, and healthcare clearinghouses, along with their business associates who handle PHI on their behalf.

However, if they don’t fall under these categories, the law doesn’t cover health-related apps or services that patients might use, such as mobile health applications, wearable fitness trackers, or wellness platforms. This means that sensitive health information collected outside traditional healthcare settings might not be subject to HIPAA’s privacy and security safeguards.

Exclusion of health-adjacent technologies

HIPAA does not govern many consumer health technologies like trackers and smartwatches, which collect personal health data. Although these tools can gather significant amounts of information, they usually operate under less stringent privacy laws or user agreements rather than HIPAA regulations.

No absolute guarantee of data security

Despite HIPAA’s detailed security rules and compliance requirements, it cannot guarantee that data breaches or leaks will never happen. Cybersecurity threats, such as ransomware attacks, phishing scams, insider breaches, or human errors, still pose risks to PHI security in healthcare organizations.

Yes, HIPAA compliance lowers the risk of breaches, but it does not eliminate them entirely.

Balance compliance rigor and workflow efficiency with Jotform

HIPAA lays out critical privacy, security, and legal frameworks to protect patient health information and standardize healthcare data management. Yet, as with any regulation, it introduces administrative burdens and coverage gaps that challenge organizations to stay compliant without sacrificing workflow efficiency.

Healthcare providers and administrators benefit most from this law when they properly understand the pros and cons of HIPAA. They must establish a culture that naturally evolves with ongoing training and policy reviews.

If you’re hesitant, tools that enable HIPAA compliance, like Jotform, are here to help. These tools streamline PHI capture and sharing processes while maintaining necessary safeguards.

With Jotform, you get a wide range of HIPAA-friendly features. Patients can make safe online payments through payment processors like Square, Stripe, and Authorize.net. They can also sign documents digitally and easily upload documents or images through forms. You can even create a HIPAA-friendly form for social media and other digital channels.

On top of that, Jotform Tables enables healthcare providers to store, organize, and manage critical data in a HIPAA-friendly online database. You can also generate live reports via Jotform Report Builder.

Sound great? Sign up on Jotform now to enable compliance with HIPAA without disrupting your administrative workflow.

Frequently Asked Questions

Should I agree to HIPAA?

HIPAA sets the legal foundation for protecting patient information and ensuring privacy and security. Organizations must comply with HIPAA by law, but patients do not “agree” to HIPAA per se. However, patients should be informed about their HIPAA rights and how their data is handled. For specific situations, consulting legal counsel is advisable.

Can HIPAA ever be violated?

Yes, HIPAA violations occur when covered entities or business associates fail to safeguard PHI as required. Violations can result from unauthorized disclosures, inadequate security measures, or failure to comply with regulatory rules. These practices lead to legal penalties.

Who benefits from HIPAA?

HIPAA benefits patients by protecting their privacy and giving them control over their health information. Healthcare providers benefit through legal frameworks that set clear expectations for handling PHI, reducing fraud, and fostering patient trust.

This article is for healthcare administrators, compliance officers, legal teams, and anyone who wants to understand the practical benefits and limitations of HIPAA to better manage protected health information in a secure and legally responsible way.

Was this article helpful?

Yes (0)

No (0)

We're sorry to hear that. What problem did you have with the article?

How can we improve this article?

What did you like best about this article?

AUTHOR

Jeffrey Weishaupt

Jeff is a seasoned technology professional based in Florida. He writes on the topics of business, technology, personal finance and digital marketing. After earning his bachelor's in Management Information Systems with a minor in Business, Jeff spent 15 years working in technology. He's helped businesses from startups to Fortune 100 companies bring software products to life. When he's not writing or building software, Jeff can be found reading or spending time outside with his kids.

RECOMMENDED ARTICLES

What Is HIPAA Compliance?

TherapyNotes vs SimplePractice: A practitioner weighs in

How to schedule patients effectively

Jotform is your online forms solution that enables HIPAA compliance

How to evaluate HCAHPS surveys with star ratings

Best free HIPAA training materials for 2025

Avoid costly fines with this HIPAA compliance checklist

Use the best fax services that help with HIPAA compliance

HIPAA-friendly online forms instead of sign-in sheets

How to do a head to toe assessment

CareCloud vs Athenahealth: Refreshing your medical software stack

Does FaceTime enable HIPAA compliance?

5 best software tools for doctors in 2025

Best email providers to enable HIPAA compliance for small practices

The 5 most common HIPAA-compliance mistakes and how to overcome them

What is an intake form for counseling?

Best HIPAA-friendly survey tool: Jotform

Healthie: A comprehensive review of pricing and features

Top 5 medical survey portals to earn extra money

10 best HIPAAtizer alternatives in 2025

How to design a HIPAA-friendly website

What are the consequences of a HIPAA violation?

How to become a holistic health coach

Does sending patient information via text violate HIPAA?

The 10 best cloud storage solutions that help with HIPAA compliance

What is a BAA?

How to make things easier for your intake coordinator

Exploring AxisCare’s pricing and value for home care management

TherapyNotes vs TheraNest

How can you prevent medical identity theft

3 best VoIP providers that can help you with HIPAA compliance in 2025

CareCloud in 2025: Pricing, features, and alternatives

How to improve your patient onboarding process

What makes e-signatures HIPAA-friendly?

Best text messaging and chat apps that enable HIPAA compliance

Top 7 Power Diary alternatives in 2025

How the health industry is using Jotform and Zoom to help patients

EMR vs EHR: What’s the difference?

Mark Your Calendars: Jotform for Healthcare Providers Webinar

10 best healthcare compliance software solutions for 2025

Does Square enable HIPAA compliance?

Creating newsletters for your health and fitness business

How Dr. Miami uses Jotform to collect patient information

The top 10 medical apps for doctors

Using a limited data set under HIPAA for research

6 secure healthcare messaging apps in 2025

The best patient communication software

6 ways to improve patient communication

How long should healthcare providers keep medical records?

Which institutions are HIPAA covered entities?

What is an audit trail in healthcare?

4 ways of protecting patient privacy

How to create an intake form in Word

10 email alternatives that help with HIPAA compliance for therapists

Does HIPAA apply to schools and educational institutions?

What is doctor-patient privilege?

Announcing the new Jotform Health app

What you need to know about HIPAA and HITECH

How is HIPAA applied to electronic health records (EHR)?

Solutionreach vs Demandforce

App development that helps with HIPAA compliance

Webinar: 3 ways to digitally transform your healthcare practice

Which states used Jotform to screen for COVID-19 symptoms?

5 data-collection tools for healthcare organizations in 2025

SimplePractice vs TheraNest: A side-by-side comparison

The 5 best HIPAA One alternatives in 2025

Healthcare automation: Improving practice productivity

What is doctor-patient confidentiality and how will it affect your practice?

How to conduct a HIPAA risk assessment

How to get physician referrals to your medical practice

Does Dropbox enable HIPAA compliance?

7 ways to increase patient satisfaction

Improving care coordination while enabling HIPAA compliance

HIPAA compliance rules for pharmacies

8 of the best WordPress plug-ins for health coaches

7 ways to improve hospital workflows

How to improve the counseling intake and assessment process

What is an encounter form?

How to prepare for a new patient

What is protected health information (PHI)?

How does HIPAA fit into medical ethics?

How to improve patient outreach

What is the HIPAA Omnibus Rule?

5 best billing software tools for doctors in 2025

The pros and cons of using self-service kiosks in healthcare

How to improve your patient intake process in 3 steps

Lighthouse 360 vs Solutionreach

What are the main types of HIPAA-friendly forms?

5 popular patient satisfaction surveys

How to keep psychotherapy notes in a HIPAA-friendly manner

Announcing free unlimited HIPAA accounts for coronavirus responders

12 examples of unintentional HIPAA violations

How to facilitate a group therapy session online

How to collect patient-reported outcomes with online forms

7 times you need to use a HIPAA medical records release form

The 9 best software products that help with HIPAA compliance

How to improve your hospital’s HCAHPS scores

How to create a HIPAA-friendly home office

How to take patient history with online forms

How to improve patient screening

Send Comment:

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Be the first to comment.