Part II of this Comment summarizes the background of the HIPAA statute as an attempted solution to the privacy problem described above, including its legislative history and HHS promulgation of administrative rules. Next, Part III addresses the agency-imposed limitations on the scope of the statute. The Secretary's decision to rely solely on an administrative complaint process, combined with the government's narrow interpretation of the statute granting third parties immunity from penalties, has undermined enforcement of the privacy provision. Accordingly, Part IV discusses previous attempts to circumvent the administrative limitations by creating a private right of action and the reasons these attempts have failed. Finally, Part V argues for a new approach, utilizing the common law tort of inclusion upon seclusion. This approach incorporates the benefits of a private right of action with the standards of the privacy provisions in the HIPAA statute.
Daniel J. Oates, HIPAA Hypocrisy and the Case for Enforcing Federal Privacy Standards Under State Law, 30 SEATTLE U. L. REV. 745 (2007).