The HIPAA privacy rule (HIPAA) has had both positive and negative effects on the release of patient information by healthcare facilities. Although the intention of HIPAA was to protect patient privacy and to promote security and confidentiality of patient information, it has had unintended consequences for facilities. To identify some of these unintended effects, two expert panels of health information management directors from healthcare facilities participated in the nominal group technique meetings. They identified 70 barriers related to release of patient information associated with the implementation of HIPAA. The perceived biggest barriers were increases in the public's misunderstanding about release of patient information, lack of an umbrella policy or regulation defining infractions and enforcement that allows individual institutions to make their own interpretations, and challenges to health information management professionals in controlling safeguards related to release of information given the transition to electronic health records and the increased involvement of information technology. The findings from this study suggest there is a need for additional clarification of the regulations governing HIPAA, standardized instructions, and extensive training of healthcare workers.