The Health Insurance Portability and Accountability Act (HIPAA) was first introduced in 1996 by the United States Congress. It was originally designed as legislation that would help to ensure that people who were temporarily out of work would still be covered by health insurance. In subsequent years, the legislation expanded to cover patient data protection in order to prevent incidents of healthcare fraud and identity theft. The role of HIPAA is still evolving, and as it stands it is one of the most important pieces of healthcare legislation in the United States.
HIPAA has had wide-reaching consequences on how the healthcare industry, and related business, handle patient information. Before HIPAA, there was no general consensus amongst healthcare professionals as to how private healthcare information of individuals should be handled. HIPAA introduced several industry-wide standards with the aim to improve efficiency and patient experience in the healthcare industry. One of the major goals of HIPAA was to have healthcare organizations across the country start new practices to reduce the amount of paperwork, thus creating a better work flow. Code sets had to be used along with patient identifiers, which helped pave the way for the efficient transfer of healthcare data between healthcare organizations and insurers. This has had the effect of streamlining eligibility checks, billing, payments, and other healthcare operations. It is hoped that with more efficient management of patient data, the patient’s experience is improved.
HIPAA not only covers the protection of patient data and its transfer between medical centers. Some of its other important, but lesser known rules, covers areas from the banning of tax-deduction of interest on life insurance loans to the standardization of the amount that may be saved in a pre-tax medical savings account.
HIPAA is a comprehensive legislative act incorporating the requirements of several other legislative acts, including:
- the Public Health Service Act
- the Employee Retirement Income Security Act
- the Health Information Technology for Economic and Clinical Health (HITECH) Act
HIPAA Privacy Rule
Most people associated HIPAA with the protection of the privacy of patients and ensuring patient data is stored such that it cannot be accessed by unauthorized individuals. These standards were not in the original HIPAA legislation, but were introduced by the HIPAA Privacy Rule in 2000 and the HIPAA Security Rule in 2003.
The HIPAA Privacy Rule was to create restrictions on how protected health information (PHI) may be used. The rules stipulated when, with whom, and under what circumstances, health information could be disclosed to third parties. Another important purpose of the HIPAA Privacy Rule was to give patients access to their health data on request. Prior to the Privacy Rule’s introduction, patients were not assured to be given their own healthcare information when they asked for it.
The HIPAA Security Rule was introduced nine years after the original HIPAA legislation in order to update the rules in response to changes in technology. The Security Rule is responsible for ensuring electronic health data is appropriately secured, access to electronic health data is controlled, and a trail of PHI activity which may be monitored is maintained.
In the event of a HIPAA violation occurring, covered entities (CEs) must follow the guidelines stipulated in the Breach Notification Rule. This was introduced in 2009 and ensures that individuals affected by a breach of their health information are informed of the incident within an appropriate timeframe of the breach occurring.
HIPAA has faced some controversy by both healthcare and legal professionals. Some claim that it is interfering with the work of medical professionals, who may struggle to comply with HIPAA’s many rules. Others say that the regulation is too tight, particularly when it comes to the disclosure of patient information, and this may adversely affect patient welfare.
Although controversial, it is evident that HIPAA has done much to change the landscape of the healthcare industry in the US since its introduction over two decades ago.