HIPAA, an acronym of the Health Insurance Portability and Accountability Act of 1996, is a legislative act that had the chief aim of enhancing portability and accountability of healthcare coverage for workers moving between jobs. HIPAA also helped to guarantee that workers with pre-existing health conditions were provided with health insurance coverage.
HIPAA also brought in new standards that healthcare organizations were obligated to follow to reduce the paperwork burden and make easier the administration of health insurance. The HIPAA administrative simplification regulations streamlined billing, sending and receiving payments, and proving eligibility. They also assisted in ensuring the seamless move from paper to electronic health records and transitions.
From its introduction in 1996, there have been many major updates to HIPAA, notably the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Enforcement Rule, the addition of the Health Information Technology for Economic and Clinical Health (HITECH) Act requirements (The HIPAA Omnibus Final Rule), and the Breach Notification Rule.
Since these changes were made to HIPAA, it now more commonly linked with protecting patient privacy and ensuring safeguards are implemented to ensure the confidentiality, integrity, and availability of electronic protected health data.
The HIPAA Privacy Rule lists the permitted uses and disclosures of protected health information and gives patients permission to obtain copies of their health data.
The HIPAA Security Rule includes electronic protected health data, and the security measures that must be put in place to keep the information secure and open at all times.
The HIPAA Enforcement Rule delegated the the power to enforce HIPAA Rules and issue financial penalties for noncompliance to the Department of Health and Human Services’ Office for Civil Rights.
The Omnibus Rule brought in a range of changes to HIPAA Rules, incorporating the HITECH Act and making business associates of covered entities directly accountable for HIPAA breaches.
The Breach Notification Rule says that covered entities must report all breaches of protected health information to the Office for Civil Rights and issue alerts to the victims of those breaches.