What is HIPAA?

HIPAA is the ‘Health Insurance Portability and Accountability Act’, a legislative act that was passed into law in the United States by President Bill Clinton’s administration on August 21, 1996.

In its original form, HIPAA was aimed at reforming the healthcare industry while also:

  1. Seeing to it that when employees were moving from one post to another in a different company they would retain healthcare coverage. This is what is referred to as Portability, the ‘P’ in HIPAA.
  2. Seeing to it that the security and confidentiality of health information is maintained. This is what is referred to as Accountability, the first ‘A’ in HIPAA.

HIPAA put in place a number of standards formulated to simplify healthcare transactions, with a special focus on electronic data transmission. Because of this, HIPAA listed the use of specific code sets and identifiers.

Over the past 21 years, HIPAA has evolved, and a number of pivotal amendments have been introduced that healthcare outfits must follow to ensure that the privacy of patients is protected, that sensitive data is kept secure at all times, and that, should a data breach occur, affected individuals are notified.

The most significant amendments of HIPAA were passed in 2003, with the introduction of the HIPAA Privacy Rule, and in 2006, with the introduction of the HIPAA Security Rule. The Privacy Rule introduced a range of provisions that limit the allowable uses and disclosures of ‘Protected Health Information’ or PHI. The Security Rule governs access to healthcare data and safeguards to prevent accidental or intentional sharing of PHI with unauthorized persons. The Security Rule also requires covered outfits to permanently destroy PHI when it is no longer needed.

Following the signing into law of the HITECH Act in 2009, the Breach Notification Rule has to be obeyed. This states that notifications MUST be sent in the event of data breaches, and it extends HIPAA requirements to business associates. More HITECH requirements and other updates were brought in following the passing of the Omnibus Rule in 2013.

HIPAA ensures patients’ personal information and health data are protected at all times, whether at rest or in transit. HIPAA means patients can request and be given copies of their health data and that they are made aware when their protected health information is accessed or obtained by unauthorized persons.