What is HIPAA?

HIPAA Origins

The Health Insurance Portability and Accountability Act is one of the most important pieces of healthcare legislation in the United States. HIPAA was first introduced in 1996 by the United States Congress. Legislators originally designed HIPAA to ensure that people who were temporarily out of work would still have access to health insurance. HIPAA has evolved since then to include rules on patient data privacy, data security in the healthcare industry, and data breach responses. Technology is changing rapidly, and healthcare data is facing new threats, HIPAA’s Rules are being updated to provide new protections for patients.

HIPAA Overview

HIPAA has revolutionised how the healthcare industry, and related business, handle patient information. Before HIPAA, there was no consensus amongst healthcare professionals on how to handle private healthcare information of individuals. It was at an organisation’s discretion as to what types of safeguards were placed on patient data. This variety left considerable gaps in security in the healthcare industry.

HIPAA introduced industry-wide standards with the aim to improve efficiency and patient experience in the healthcare industry. One of the primary goals of HIPAA was to have healthcare organisations across the country start new practices to reduce the amount of paperwork, thus creating a better workflow. For example, healthcare officials had to use code sets along with patient

identifiers, which helped pave the way for the efficient transfer of healthcare data between healthcare organisations and insurers. This practice has streamlined eligibility checks, billing, payments, and other healthcare operations. Patient experiences improve when the healthcare system works more efficiently.

HIPAA not only covers the protection of patient data and its transfer between medical centres; it also covers topics ranging from the banning of tax-deduction of interest on life insurance loans to the standardisation of the amount that individuals can place in a pre-tax medical savings account.

HIPAA is a comprehensive legislative act incorporating the requirements of several other legislative acts, including the Public Health Service Act, the Employee Retirement Income Security Act, and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

HIPAA and Data Protection

HIPAA is most famous for its rules covering data privacy. HIPAA introduced new standards for the protection of the privacy of patients. Patient data has a considerable black market value, and organisations must have robust security measures in place to ensure that unauthorised individuals cannot access the information. These standards were not in the original HIPAA legislation but were introduced by the HIPAA Privacy Rule in 2000 and the HIPAA Security Rule in 2003.

The HIPAA Privacy Rule was to create restrictions on how healthcare organisations can use protected health information (PHI). The rules stipulated when, with whom, and under what circumstances, health organisations could disclose PHI to third parties. Another essential purpose of the HIPAA Privacy Rule was to give patients access to their health data on request. Before the Privacy Rule, patients were not assured access to their healthcare information when they asked for it.

Legislators introduced HIPAA Security Rule nine years after the original HIPAA legislation to update the rules in response to changes in technology. The Security Rule is responsible for ensuring electronic health data is appropriately secured, access to electronic health data is limited, and that organisations maintain a trail of PHI activity which may be monitored.

The Breach Notification Rule details what CEs must do in the event of a data breach. The Breach Notification Rule was introduced in 2009 to ensure that organisations inform individuals affected by a breach of the incident within an appropriate timeframe of the breach occurring.

Although HIPAA is a landmark piece of legislation, it has faced some controversy by both healthcare and legal professionals. Some claim that it is interfering with the work of medical professionals, who may struggle to comply with HIPAA’s many rules. Others say that the regulation is too tight, particularly when it comes to the disclosure of patient information, and this may adversely affect patient welfare.

Although controversial, it is evident that HIPAA has done much to change the landscape of the healthcare industry in the US.