HIPAA – The Basics
Most people are already aware of HIPAA because of the annual privacy consent forms, but HIPAA changed more than privacy consent forms. In the twenty years since it was signed, the Health Insurance Portability and Accountability Act has changed how healthcare organizations operate. Here’s what you need to know.
Was It Always Called HIPAA?
No. The bill was originally named the Kennedy-Kassebaum bill after its two authors, Senator Edward Kennedy of Massachusetts and Senator Nancy Kassebaum of Kansas. It is now known as the Healthcare Insurance Portability and Accountability Act, or HIPAA for short.
When Was It Passed?
President Bill Clinton signed this bill in 1996. Major provisions of the bill were implemented between 1999 and 2006.
Why Was It Written?
In the mid-1990s, it became clear that the healthcare industry needed to modernize and standardize how it kept records. The authors also included provisions to make it easier for employees to keep health insurance after leaving a job. The original intent of the bill was to address these concerns.
What Did People Think?
Three years earlier, a comprehensive healthcare reform bill failed.
When this bill passed, opinions were split. Although it wasn’t exactly what they wanted, proponents felt that this bill was still a win. Opponents were skeptical of the need for the bill. Many felt like it set new standards for the healthcare industry that were too high.
How Many Components Are There?
There were four sets of rules included in the original HIPAA regulations: the Privacy Rule; the Transaction and Code Sets Rule; the Security Rule and the National Provider Identifier, or Unique Identifiers, Rule; and the Enforcement Rule.
What Did That Mean For Healthcare Organizations?
Here are some of the major structural changes that healthcare organizations had to make to comply with HIPAA. Please note that this is simply an overview and not a complete list.
An organization must have a trained HIPAA Compliance Officer who is aware of all regulations and ensures that the company is following all HIPAA requirements.
Organizations must teach and train employees about HIPAA and the pertinent policies. Usually, organizations make an annual commitment to training their staff.
Organizations must safeguard patient health information against unauthorized access and disclosure. If there is a security breach, organizations are required to report the incident and inform the patients who may have been affected.
The Healthcare Insurance Portability and Accountability Act of 1996 massively changed the healthcare industry and will always be remembered as a turning point. It will be exciting to see what changes the future has in store for healthcare.