What Is HIPAA and Where Did It Originate?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that President Clinton signed in 1996. This Act ensures that individuals can renew or obtain health insurance in the event of job loss or change. This ensures portability across employment settings and would reduce, if not eliminate, discrimination against people who have a preexisting medical condition. This legislation was expanded to include administrative simplification as well as healthcare abuse and fraud, with the majority of the focus on issues concerning the privacy of patients’ health information.

Administrative simplification falls into two categories: standardising shared electronic information and protecting the privacy and security of patient information stored in the electronic medical record. The Privacy Rule was inspired by the need to protect the privacy of patient information. The Privacy Rule was issued by the United States Department of Health and Human Services (HHS) as a requirement of the Health Insurance Portability and Accountability Act of 1996. The requirements are outlined in the HIPAA Privacy Rule Summary.

On November 3, 1999, the HHS issued a proposed rule defining privacy standards for individually identifiable health information. The proposed rule was made available to the public for comment, and the number of comments received exceeded 52,000. In response to the proposed rule, these comments were organised and generated. The HHS considered the comments and issued a final rule on December 28, 2000, formally establishing the standards for Privacy of Individually Identifiable Health Information, also known as the Privacy Rule.

The Privacy Rule standards address the use and disclosure of protected health information, which is information about an individual’s health. Organizations that must demonstrate compliance with privacy standards for individuals’ privacy rights must understand and control the use of their patients’ health information. The Privacy Rule establishes guidelines for the access, use, and disclosure of personal health information.

The O’Neill Institute (2009) drafted an Executive Summary that defines the Privacy Rule’s final goal: to ensure that an individual’s health information is easily accessible to healthcare providers who are authorised to access the information, as well as that the individual’s health information is kept confidential and protected from inappropriate use.

Since the Privacy Rule’s enactment, there has been a great deal of confusion and misunderstanding about how the Privacy Rule applies to various situations. The final Privacy Rule was enacted in 2001, and special guidelines were drafted to address concerns about the Privacy Rule’s application to specific healthcare activities. The Office for Civil Rights is part of the HHS (OCR). This office is in charge of implementing and enforcing the Privacy Rule in terms of compliance activities. Healthcare organisations face monetary penalties for noncompliance.

The privacy practises notice must be in writing, and patients must be informed of their rights in relation to their personal health information. These rights included access to medical records, amendment of information contained in their personal medical record, an accounting of individuals who had access to their medical information, and a special request to limit disclosure of sensitive information. When the electronic health record began to emerge, new concerns about the security of health information had to be addressed on a different level.

In 2009, Congress passed the American Recovery and Reinvestment Act (ARRA). The ARRA included the Health Information Technology for Economic and Clinical Health (HITECH) Act. The goal of funding this initiative was to develop advanced health information technology that would be used throughout the country, and organisations would be incentivized to participate and adopt a culture that represented advanced health information organisations. Healthcare facilities are expected to have a certified electronic health record in place that complies with HIPAA, the Privacy Rule, HITECH, and ARRA. If this is accomplished, the healthcare facility will receive additional funding to help with patient care. The complete implementation of an electronic system is expected by the end of 2020.

Rachel Cartwright-full Vanzant’s name is Rachel Cartwright-Vanzant. For over 15 years, I’ve been speaking to healthcare organisations, What Are 3 Major Things Addressed In The HIPAA Law? and at national conferences. I’ve written resource books for legal nurse consultants as well as articles for peer-reviewed journals.