Like other privacy regulation, it’s there to protect the industry and their business/commercial interests.

Barriers to access mean less controversy, fewer lawsuits, fewer investigative news stories, fewer insurance disputes.

I’d say it’s also designed to reduce contamination or adulteration of data: if every facility needs to do new testing and new evaluation then they can be sure they got the results they need, instead of taking some rando’s word for it.

HIPAA isn’t the most onerous barrier to personal access to records, but it’s a huge hassle for someone who wants it opened up for family, friends, and other entities because those forms are onerous. With good transparency in patient portals, authorized users can manage a lot on their own.

Also, good luck reading anything but textual notes, because imaging and other medical data is often always distributed in proprietary file formats that don’t simply import into Gimp!

HIPAA as a whole is not.

The HIPAA Privacy and Security Rules, which are enforced by a different entity than the rest of HIPAA, are (the bulk of HIPAA is insurance administration rules enforced by the Centers for Medicare and Medicaid Services; the Privacy and Security Rules are personal privacy and information security rules enforced by the DHHS Office of Civil Rights.)

I once joined a health sharing ministry where reviews said "it requires an Olympic-class athlete in paperwork and bureaucracy". Being "not insurance" it was completely DIY and "self-pay" and begging for reimbursements after the fact.

I've also attempted to visit independent PCPs. An independent PCP who isn't part of a major health system, when they refer you out, refers you to some other independent specialist with their own process, their own IT tooling and portal, and their own claims/billing services. Now multiply those specialists by the number of your conditions, or simply the multiplicity of organs in your body, and all the fiefdoms commanded by different medical boards.

I sincerely pity any sane family of 4 or 5, because speaing for myself as an insane family of 1, the process is mind-blowing, byzantine, and frustrating by design, and the gatekeeping is exhausting but, obviously, necessary. Dealing with doctors arguably did not drive me insane, but it certainly helps keep me that way.

Gatekeeping doesn't end with single-payer and socialization, but all this back-and-forth and multiple independent systems should ideally be coalesced into one monolithic Brazil/12 Monkeys sized system.

I pity parents with sick children the most, I suppose. I mean it's bad enough for elderly parents and adult children to handle when they don't love their parents enough. But for parents to care for a sick child enough to funnel them into endless medical appointments, drugs, invasive therapies and even experimental Herr Mengele shit because it's cheap or free, feels like cruelty and exploitation being visited on that family, rather than mercy or healing. I found the Karen Ann Quinlan case (I suppose I was too young to remember when it hit the news before Terri Schiavo) and I found Karen's parents' attitude and comments to be quite poignant. It's called a "right-to-die" milestone, but I consider that the parents advocated for her right to be free from pain and distress associated with unnecessary medical treatment.

HIPAA is a fuckin' bugaboo when you're trying to coordinate care among payors, providers, billers, HIMS admins, family and friends, because all of these parties I mention are compartmentalized and the compartmentalization is nearly as fierce as military/espionage systems, except there's usually not a guy sitting next to the curtain wielding a semiautomatic rifle.