HIPAA became enforceable on August 21, 1996 when then U.S. President Bill Clinton signed the legislation into law.
One of the major aims of the legislation was to allow for better portability of health insurance coverage, ensuring employees were still covered by their health insurance when they were between jobs. HIPAA also made healthcare organizations take responsibility for health data and helped to ensure that health information remains private and confidential.
HIPAA also tackled wastage in healthcare and helped to cut out fraud and abuse in healthcare delivery and health insurance, while also making the administration of healthcare easier.
HIPAA became law in 1996, but there have been major alterations to HIPAA legislation over the years, most significantly the introduction of the HIPAA Privacy Rule, the HIPAA Security Rule, the incorporation of HITECH Act requirements and the HIPAA Omnibus Rule.
These changes brought a number of new provisions into HIPAA legislation. They helped to ensure that patient privacy was protected, that healthcare data was properly secured, that patients and plan members were made aware of any breach of their protected health information, and that business associates of HIPAA covered entities also had to comply with HIPAA Rules.
The HIPAA Enforcement Rule in 2006 empowered the Department of Health and Human Services’ Office for Civil Rights to enforce HIPAA. Since that time, it has been possible for the HHS to impose financial penalties for non-compliance with HIPAA Rules.
When did the HIPAA Privacy Rule become Enforceable?
The HIPAA Privacy Rule was originally proposed on November 3, 1999, with the Final Privacy Rule of HIPAA being passed into law on December 20, 2000, although amendments were made almost straight away. The most significant date is April 14, 2003, when HIPAA-covered entities were required to ensure that they were complying with the HIPAA Privacy Rule.
The HIPAA Privacy Rule outlined what was labelled as Protected Health Information (PHI) and regulated the use of PHI by HIPAA-covered groups, stating with whom the data could be shared and under what circumstances. The HIPAA Privacy Rule requires appropriate security measures to be adopted to safeguard the privacy of patients. Patients were also given the right to ask for official copies of the PHI held by HIPAA-covered entities.
When was the HIPAA Security Rule passed into Law?
Following a period of drafting, the HIPAA Security Rule was proposed on August 12, 1998. The final Security Rule of HIPAA was then enacted on February 20, 2003. Compliance with the HIPAA Security Rule became obligatory as of April 21, 2006.
The HIPAA Security Rule is mainly focused on the establishment of national standards for security to safeguard electronic protected health information. The HIPAA Security Rule requires administrative, physical, and technical security measures to be put in place to ensure the confidentiality, integrity, and availability of PHI. The HIPAA Security Rule also requires covered entities to complete a risk analysis to discover any possible risks to the confidentiality, integrity, and availability of PHI and to manage those risks and bring them down to an acceptable level.
When was the HITECH Act officially added to HIPAA?
The Health Information Technology for Economic and Clinical Health (HITECH) Act was passed into law on February 17, 2009. Certain elements of HITECH became enforceable the same month, such as higher penalties for violations of HIPAA Rules. Most of the provisions of the HITECH Act became active and were enforceable as of February 27, 2010.
The HITECH Act’s incorporation into HIPAA led to the creation of the HIPAA Breach Notification Rule, which requires covered entities to make individuals aware when their PHI is exposed or compromised. HITECH also required business associates of HIPAA-covered entities to comply with HIPAA Rules and made them directly accountable for HIPAA breaches.
The HIPAA Omnibus Rule of 2013 introduced many provisions of the HITECH Act into HIPAA, with the HIPAA Omnibus Rule enacted on January 17, 2013. The deadline for final compliance was September 23, 2013.