Skip to content

Note: HIPAA-Cratic or HIPAA-Critical: U.S. Privacy Protections Should Be Guaranteed By Covered Entities Working Abroad

By Grace Fleming. Full text here.

Clinical research has increasingly moved outside of U.S. borders sparking debate over the legal and ethical requirements for clinical researchers and research sponsors conducting studies overseas. Parallel to overseas research expansion, privacy and privacy rights in healthcare are being recognized as fundamental rights. The strength of privacy protections is being tested as medical records are increasingly electronic and transferable. The Health Insurance Portability and Accountability Act (HIPAA) was promulgated to ensure privacy of medical records, but the regulations are unclear concerning whether those privacy protections apply to research subjects participating in American studies conducted abroad. As overseas research expands, and medical records privacy becomes more important, so does the necessity of resolving this confusion. This Note argues for guidance from the Department of Health and Human Services clarifying that HIPAA does apply to a covered entity whether they are working in the United States or abroad.

While this regulatory requirement faces barriers, these barriers can be mitigated. The ethical argument in favor of implementing HIPAA abroad demonstrates that privacy protections are a necessary part of all human subjects research. The government must respond to this gap by expanding privacy protections.