HIPAA's Effect on Web Site Privacy Policies

Abstract

Healthcare institutions typically post their privacy practices online as privacy policy documents. We conducted a longitudinal study that examines the effects of HIPAA's enactment on a collection of privacy policy documents for a fixed set of organizations over a four-year period. We present our analysis of 24 healthcare privacy policy documents from nine healthcare Web sites, analyzed using goal mining, a content-analysis method that supports extraction of useful information about institutions' privacy practices from documents. We compare our results to our pre-HIPAA study of these same institutions' online privacy practices and evaluate their evolution in the presence of privacy laws