Fact Check

How Did HIPAA Laws Start?

Rumor: HIPAA Laws started because a senator wanted to cover up his wife's plastic surgery.'

Published Apr 3, 2015

Claim: HIPAA Laws started because a senator wanted to cover up his wife's plastic surgery.


Example: [Collected via email, March 2015]

My boss is convinced that the reason that hipaa laws came into existence, was because of the actions of the wife of a senator, who had cosmetic surgery, and whose medical chart was seen by someone who then spread the word that this woman had cosmetic surgery. She found out and then prompted her husband to do something about it, and he took action and began what we now know as hipaa laws.

Origins: When President Bill Clinton signed the the Health Insurance Portability and Accountability Act (HIPAA) in 1996, a law that set standards for protecting the privacy of individually identifiable health information, some critics were skeptical about the bill's purpose and implementation:

When the HIPAA regulation initially went into effect, it generated significant skepticism, confusion, and even angst. Many in the healthcare industry asked: Would it be possible to provide efficient healthcare and comply with all of HIPAA's requirements? What did protecting the confidentiality of protected health information mean? How would HIPAA be enforced? Would HIPAA interfere with the relationships between patients and healthcare providers?

Out of this initial frustration was born a curious rumor that claimed the law had begun as an attempt to appease the wife of a U.S. senator who wanted to conceal her cosmetic surgery from the public eye. The history of HIPAA has little to do with a self-conscious senator's wife; in fact, when the Kennedy-Kassebaum bill (which would later become HIPAA) was first introduced, the legislation had more to do with modernizing medical records than it did with privacy:

The roots of HIPAA stem from the early 1990s, when it first became apparent that the medical care industry would become more efficient by computerizing medical records. In addition, the industry also needed new standards regarding the management of health care data.

According to an article published by the National Center for Biotechnology Information, HIPAA was initially created with two main goals: To make health care delivery more efficient, and to increase the number of Americans with health insurance coverage. One way this was accomplished was by creating a standard for electronic health records. This allowed patients to change doctors, leave jobs, switch insurance, etc., without unnecessary paperwork. But HIPAA also made health records more accessible, which in turn led to a greater need for privacy laws, so attendant privacy regulations were proposed by the Department of Health and Human Services (HHS) in 1999 and finalized the following year.

HIPAA has a long and complicated history (the legislation was signed into law in 1996 but was continually tinkered with for the next decade) that started when hospitals started switching from paper to digital records. This digitization of medical records, and not a senator's attempt to cover up his wife's cosmetic surgery, led to HIPAA's privacy rules.

Last updated: 3 April 2015


    Nass, SJ   "Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research."

    National Academic Press.   2009.

    Solove, Daniel.   "HIPAA Turns 10: Analyzing the Past, Present and Future Impact."

    Journal of AHIMA.   April 2013.

David Mikkelson founded the site now known as snopes.com back in 1994.

Article Tags

a Member

Your membership is the foundation of our sustainability and resilience.


Ad-Free Browsing on Snopes.com
Members-Only Newsletter
Cancel Anytime