The Health Insurance Portability and Accountability Act – or HIPAA as it is usually referred to – is a game-changing legislative Act affecting U.S. healthcare, but what is the purpose of HIPAA?
HIPAA was originally passed in 1996, under the Clinton administration, to ensure that employees would continue to receive health insurance coverage when they were between jobs at different companies. The legislation also required healthcare organizations to implement controls to secure patient data in order to prevent healthcare fraud, although it took a number of years for the rules for doing so to be devised.
HIPAA also introduced many new standards intended to improve efficiency in the healthcare industry, requiring healthcare organizations to adopt them to reduce the amount of paperwork required. Code sets had to be used along with patient identifiers, which helped pave the way for simpler transfer of healthcare data between healthcare organizations and insurers, streamlining eligibility checks, billing, payments, and other healthcare operations.
HIPAA also prohibits the tax deduction of interest on life insurance loans, enforces group health insurance requirements, and regulates the amount that may be saved in a pre-tax medical savings account.
HIPAA incorporates the requirements of a number of other legislative acts, including the Public Health Service Act, Employee Retirement Income Security Act, and more recently, the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Health Data Privacy and Security
HIPAA is now best known for safeguarding the privacy of patients and ensuring patient data is appropriately secured, with those requirements brought in with the HIPAA Privacy Rule of 2000 and the HIPAA Security Rule of 2003. The requirement to notify individuals of a breach of their health information was introduced in the Breach Notification Rule in 2009.
The aim of the HIPAA Privacy Rule was to introduce limitations on the allowable uses and sharing of protected health information (PHI), stipulating when, with whom, and under what circumstances health information could be shared. Another chief purpose of the HIPAA Privacy Rule was to give patients access to their health data when they wanted it. The purpose of the HIPAA Security Rule is mainly to ensure electronic health data is properly secured, access to electronic health data is regulated, and an auditable trail of PHI activity is kept.