Thoughts from Dr. Sean Kelly on HIPAA’s 29th Anniversary
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996 to safeguard patient identifiers and ensure the privacy of sensitive health data. Twenty-nine years later, the healthcare ecosystem looks dramatically different, with Electronic Health Records (EHRs), sprawling mobile device fleets, and an increasingly interconnected landscape where hospitals rely on a growing number of vendors and third parties—fundamentally changing both the patient care experience and the threat landscape.
Against this backdrop, Dr. Sean Kelly, Imprivata Chief Medical Officer and SVP of Customer Strategy, also a practicing emergency physician, reflects on why HIPAA remains as relevant as ever, sharing his perspective on how the evolving digital environment heightens the urgency of protecting patient privacy and ensuring patient safety.
“Healthcare is now one of the most targeted industries for cyberattacks, and as hospitals increasingly turn to shared-use devices to enhance efficiency, they’re introducing more endpoints than ever,” said Dr. Kelly in a recent Security Magazine article. “Without stronger access controls, real-time tracking, and formal governance, shared mobile devices could expose organizations to both cybersecurity threats and regulatory penalties under HIPAA.”
But these risks extend far beyond the walls of the hospital. As healthcare grows more interconnected, vendor risk management has become a cornerstone of achieving HIPAA compliance, with third parties and contractors often holding the same keys to patient data as internal staff.
Without credential management, patient privacy monitoring, continuous threat detection, and Zero Trust Network Access (ZTNA) principles, organizations face elevated exposure to insider threats, compliance reporting gaps, and costly data compliance failures. Dr. Kelly emphasizes that protecting patient safety requires a holistic identity and access management strategy that secures every user and device across the healthcare ecosystem—without compromising workflow efficiency.
“The challenge isn’t just locking systems down, it’s doing so in a way that preserves the speed and accessibility clinicians need. Healthcare organizations must modernize their security strategies to ensure that the efficiency gains from shared technology never come at the cost of patient privacy or HIPAA compliance,” said Dr. Kelly.