What does HIPAA refer to? HIPAA is an acronym for the Health Insurance Portability and Accountability Act – a legislative act that was signed into law in the United States by Bill Clinton on August 21, 1996.
At first, HIPAA was passed to reform the healthcare sector and had two main aims. The first was to ensure that when staff members were between jobs, they would still be able to maintain healthcare coverage – the P in HIPAA – Portability. The second was to ensure the security and confidentiality of health data – the first A in HIPAA – Accountability.
HIPAA incorporates standards aimed at simplifying healthcare transactions, in particular in relation to electronic data transmission. These standards included the use of specific code sets and identifiers.
Over the past 20 years, HIPAA has evolved and now includes many new rules that healthcare groups must follow to ensure the privacy of patients is protected, sensitive data is kept secure at all times, and in the event of a data breach, affected individuals are alerted.
Major amendments to the HIPAA Rules took place in 2003 with the introduction of the HIPAA Privacy Rule and in 2006 with the passing of the HIPAA Security Rule. The Privacy Rule included a number of provisions that restrict the allowable uses and disclosures of ‘Protected Health Information’ or PHI. The Security Rule covers access to healthcare data and safeguards to stop accidental or intentional disclosures of PHI to unauthorized people. The Security Rule also obligates covered entities to permanently destroy PHI when it is no longer necessary.
Following the passing of the HITECH Act in 2009, the Breach Notification Rule was introduced, requiring alerts to be issued in the event of data breaches and extending HIPAA requirements to business associates. More HITECH requirements and other updates were passed with the Omnibus Rule in 2013.
So, what does HIPAA mean for healthcare patients? HIPAA means patients’ personal information and health data are always safeguarded, whether at rest or in transit. HIPAA means patients can obtain copies of their health data on request, and that they will be alerted if their protected health information is accessed or obtained by unauthorized people.