The Health Insurance Portability and Accountability Act was a game-changing piece of legislation that was, at first, intended to simplify the administration of healthcare, cut wastage and stop healthcare fraud, and to ensure insurance coverage was not redundant when employees were between jobs.
When Did HIPAA Become Enforceable?
HIPAA was passed into law by President Clinton on August 21, 1996, although it has been amended several times over the past two decades, and many new provisions have been added to improve privacy protections and security so that health information remains private.
The main updates to HIPAA are summarized here.
The HIPAA Privacy Rule
The HIPAA Privacy Rule was a major amendment to HIPAA and brought in many of the aspects for which HIPAA is famous today. The HIPAA Privacy Rule defined ‘Protected Health Information’ (PHI), gave patients the right to obtain copies of their protected health information from HIPAA covered groups, and introduced strict rules on the allowable uses and sharing of PHI.
When did the Privacy Rule of HIPAA become live? The HIPAA Privacy Rule became live on April 14, 2003, although small health plans were given an extra year to comply and had a compliance date of April 14, 2004.
The HIPAA Security Rule Explained
While the HIPAA Privacy Rule related to defining protected health information and putting rules in place to protect the privacy of patients and health plan holders, the HIPAA Security Rule related to ensuring that administrative, physical, and technical security measures were introduced to protect healthcare data and ensure its confidentiality, integrity, and availability.
When did the Security Rule of HIPAA become live? The HIPAA Security Rule became live on April 21, 2005 for most HIPAA covered groups. Small health plans were given another year and their date for compliance with the Security Rule was April 21, 2006.
The HIPAA Enforcement Rule Explained
The HIPAA Enforcement Rule was passed in March 2006. While this amendment to HIPAA did not involve any new provisions for covered groups, it did have a major impact. The HIPAA Enforcement Rule allowed the Department of Health and Human Services’ Office for Civil Rights to look into complaints and data breaches and pursue civil and criminal charges for HIPAA breaches.
HITECH Act and the Breach Notification Rule Explained
The Health Information Technology for Economic and Clinical Health (HITECH) Act was passed into law on February 17, 2009 and was aimed at promoting the adoption of electronic health records by offering incentives to healthcare groups for changing to electronic health records. The HITECH Act also introduced new obligations for the disclosure of breaches and saw the Breach Notification Rule added to HIPAA. The Breach Notification Rule requires individuals to be alerted to breaches within 60 days of discovery of the breach. The HITECH Act also obligated business associates of HIPAA covered entities to comply with HIPAA Rules.
The HIPAA Omnibus Final Rule Explained
While the HIPAA Omnibus Final Rule did not bring in much in the way of new legislation, it did involve major updates to HIPAA to plug some holes in HIPAA and the HITECH Act and to clear up some gray areas which HIPAA-covered entities were struggling to come to terms with. The HIPAA Omnibus Final Rule further clarified certain regulations to take technological advances into account, such as the rise in use of mobile devices.
Patients were given permission to obtain copies of their PHI in electronic form, and the maximum penalties for HIPAA violations were made higher.
When did the Omnibus Final Rule of HIPAA become active? The HIPAA Omnibus Final Rule became active on March 26, 2013, with a compliance date of September 23, 2013.