The HIPAA Privacy Rule 15 Years Later: What’s Next?

Actions Panel

The HIPAA Privacy Rule 15 Years Later: What’s Next?

By Future of Privacy Forum, Intel, & Duke in DC

When and where

Date and time

Tuesday, December 4, 2018 · 9am - 12pm EST


Duke in DC 1201 Pennsylvania Ave Suite 500 NW Washington, DC 20004


The Future of Privacy Forum, Intel, & Duke in DC invite you to participate in the “The HIPAA Privacy Rule 15 Years Later: What’s Next?” on December 4th from 9:00 am – 12:00 pm in Washington, DC. The event will take place at Duke in DC, located at 1201 Pennsylvania Avenue NW, Suite 500, Washington, DC 20004.

About the Workshop:

Fifteen years ago, the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule came into effect for covered entities. Over the past 15 years, the only major change to the HIPAA Privacy Rule occurred in 2013 when HHS issued the Omnibus Final Rule, which made the HIPAA Privacy Rule directly applicable to business associates. However, the Omnibus Final Rule did not address what many critics view as barriers to sharing data, which may hinder efforts to encourage providers to adopt electronic health technology, and did not address gaps that are a result of recent technological advances.

Recently, HHS published a notice of a request for information (RFI), "HIPAA Privacy: Request for Information on Changes to Support, and Remove Barriers to, Coordinated Care." The RFI seeks to solicit the public’s views on how the HIPAA Rules should be updated to mitigate potential barriers that limit or discourage coordinated care and case management among hospitals, physicians, payors, and patients, or otherwise impose regulatory burdens that may impede the transformation to value-based health care without providing commensurate privacy or security protections for PHI. Under HIPAA, HHS has the authority to modify the privacy standards as the Secretary deems appropriate.

In light of these gaps and the upcoming RFI, we are bringing together relevant stakeholders to discuss what changes to the HIPAA Privacy Rule could and should look like.

Agenda at a glance:

9:00-9:15 - Coffee/Breakfast

9:15-9:30 - Welcome and Opening Remarks

  • Jules Polonetsky, Future of Privacy Forum
  • Arti Rai, Duke Law School

9:30-10:30 - Panel 1: Reducing Burdens and Enhancing Care

  • Stan Crosley, Information Accountability Foundation (Moderator)
  • Marcy Wilder, Hogan Lovells
  • Paul Westfall, AMA
  • Morgan Reed, ACT - The App Association

10:30-10:45 - Break

10:45-11:45 - Panel 2: Enabling Research and Maintaining Privacy

  • Mario Romao, Intel (Moderator)
  • Maya Bernstein, HHS
  • Kim Gray, IQVIA
  • Kirk Nahra, Wiley Rein

11:45-12:00 - Closing Remarks

  • David Hoffman, Intel

Email for more info. A light breakfast will be served.

About the organizer

The Future of Privacy Forum is a non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. For more information, visit: 

Duke in DC is Duke University’s embassy in the nation’s capital that works with policymakers, academics, researchers, alumni and the higher education community to advance the intellectual life of the university beyond campus. For more information, visit:

Intel, a leader in the semiconductor industry, is shaping the data-centric future with computing and communications technology that is the foundation of the world’s innovations. The company’s engineering expertise is helping address the world’s greatest challenges as well as helping secure, power, and connect billions of devices and the infrastructure of the smart, connected world. For more information, visit: