Kara Sears
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law by President Bill Clinton on August 21, 1996. The act aimed to improve the portability and accountability of health insurance coverage and introduced measures to ensure the continuity of coverage between jobs, guarantee coverage for employees with pre-existing conditions, and prevent job lock, a scenario in which employees stayed in a job to avoid losing health benefits.
| Characteristics | Values |
|---|---|
| Date of Enactment | 21st of August 1996 |
| Full Name | Health Insurance Portability and Accountability Act |
| Abbreviation | HIPAA |
| Purpose | To improve the portability and accountability of health insurance coverage |
| Privacy Rule Date | 14th of April 2003 |
| Security Rule Date | 21st of April 2005 |
| Breach Notification Rule Date | 23rd of September 2009 |
| Omnibus HIPAA Final Rule Date | 23rd of September 2013 |
What You'll Learn
- The Health Insurance Portability and Accountability Act (HIPAA) was signed into law on 21 August 1996
- HIPAA was created to improve the portability and accountability of health insurance coverage
- The Act introduced measures to ensure the continuity of coverage between jobs
- The Act was also designed to prevent job lock, a scenario in which employees stayed in a job to avoid losing health benefits
- The Privacy Rule defines Protected Health Information (PHI) and stipulates permissible uses and disclosures
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law on 21 August 1996
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law on August 21, 1996, by President Bill Clinton. The act aimed to improve the portability and accountability of health insurance coverage and introduced measures to ensure the continuity of coverage between jobs, guarantee coverage for employees with pre-existing conditions, and prevent "job lock", a scenario in which employees stayed in a job to avoid losing health benefits.
HIPAA was created with two main goals in mind: to make healthcare delivery more efficient and to increase the number of Americans with health insurance coverage. These objectives were pursued through three main provisions: portability provisions, tax provisions, and administrative simplification provisions. The administrative simplification provisions instructed the Secretary of the US Department of Health and Human Services (HHS) to issue regulations concerning the electronic transmission of health information, which was expanding rapidly in the early 1990s. This included the standardization of electronic health information and the development of nationwide security standards and safeguards for its use.
HIPAA also mandated the creation of privacy standards for protected health information. As a result, HHS developed the HIPAA Privacy Rule, which sets out detailed regulations regarding the types of uses and disclosures of personally identifiable health information that are permitted by covered entities. The Privacy Rule defines Protected Health Information (PHI), stipulates permissible uses and disclosures, lists circumstances in which authorization is required, and gives individuals rights over their PHI. The rule also establishes standards for the protection of certain health information, including electronic health information.
The HIPAA Privacy Rule was first published in November 1999 but underwent modifications due to the large volume of comments from stakeholders. The final HIPAA Privacy Rule was published in August 2002 and had an effective compliance date of April 14, 2003, for most organizations, with small health plans given an extension until April 14, 2004.
In addition to the Privacy Rule, HHS also promulgated the HIPAA Security Rule, which protects electronic protected health information (ePHI), a subset of PHI that is created, received, maintained, or transmitted electronically. The Security Rule includes three sets of safeguards that must be complied with by covered entities and business associates: administrative, physical, and technical. These safeguards aim to ensure the confidentiality, integrity, and availability of ePHI.
The enactment of HIPAA and its subsequent rules has had a significant impact on the healthcare industry, increasing the security and privacy of health information while also influencing the way physicians and medical centers operate.
Appropriation Bills: Laws in the Making
You may want to see also
HIPAA was created to improve the portability and accountability of health insurance coverage
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law on August 21, 1996, by President Bill Clinton. The Act was created to "improve the portability and accountability of health insurance coverage" and introduced several measures to ensure the continuity of coverage between jobs, guarantee coverage for employees with pre-existing conditions, and prevent "job lock" – a situation where employees remain in a job to avoid losing health benefits.
The HIPAA Privacy Rule, which falls under Title II, defines Protected Health Information (PHI), stipulates permissible uses and disclosures, lists the circumstances in which an authorization is required, and gives individuals rights over their PHI. The Rule had an effective compliance date of April 14, 2003, for most organizations, with small health plans being given an additional year.
The HIPAA Security Rule, also under Title II, includes three sets of safeguards that must be complied with by covered entities and business associates: Administrative, Physical, and Technical. The Rule's effective date was April 21, 2005, for most organizations, with small health plans again being granted an extra year.
The measures introduced in the Act were designed to improve the portability and accountability of health insurance coverage, ensuring the continuity of coverage for employees between jobs and providing coverage for those with pre-existing conditions.
Visual Guide: Understanding the Law-Making Process
You may want to see also
The Act introduced measures to ensure the continuity of coverage between jobs
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law on August 21, 1996, with the aim of improving the portability and accountability of health insurance coverage. The Act introduced measures to ensure the continuity of coverage between jobs, including preventing "job lock", a scenario in which employees would stay in a job to avoid losing health benefits.
HIPAA also guaranteed coverage for employees with pre-existing conditions. Before the Act, employees with pre-existing conditions would be excluded from health benefits by another employer. Title I of HIPAA resolved this issue by requiring health plans to carry forward health benefits from one employer to another.
The Act also introduced measures to combat waste, fraud and abuse in health insurance and healthcare delivery, and to simplify the administration of health insurance transactions such as eligibility checks, authorisations, remittances and payments. This was in response to the increased costs for health insurers that the Act's measures caused.
HIPAA's Administrative Simplification Provisions instructed the Secretary of the US Department of Health and Human Services (HHS) to issue regulations concerning the electronic transmission of health information. This was in recognition of the fact that an increasing number of health insurance transactions were being conducted electronically.
The Privacy Rule, issued by the HHS, sets out regulations regarding the types of uses and disclosures of personally identifiable health information that are permitted by covered entities. Covered entities include healthcare providers, health plans and healthcare clearinghouses. The Privacy Rule also contains standards for individuals' rights to understand and control how their health information is used.
The Security Rule, also issued by the HHS, protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. This is known as electronic protected health information, or e-PHI.
Understanding the Process: Bills to Laws
You may want to see also
The Act was also designed to prevent job lock, a scenario in which employees stayed in a job to avoid losing health benefits
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law on August 21, 1996, by President Bill Clinton. The Act was designed to "improve the portability and accountability of health insurance coverage" and introduced measures to ensure the continuity of coverage between jobs, guarantee coverage for employees with pre-existing conditions, and prevent "job lock".
Job lock is a term used to describe the inability of an employee to freely leave a job because doing so will result in the loss of employee benefits, usually health or retirement-related. In the context of health insurance, job lock occurs when an employee is reluctant to leave their current job due to the fear of losing their health benefits or not being able to obtain affordable insurance at a new job. This situation can lead to employees staying in jobs they dislike or that do not pay enough, limiting their career choices and opportunities.
The link between employer-provided health insurance (EPHI) and labour market mobility was recognised as an important factor in evaluating proposals to reform the US healthcare system. Studies have shown that job lock can result in a significant reduction in voluntary employee turnover rates, with employees staying in their current jobs to maintain their health benefits.
HIPAA was designed to address job lock by improving the portability of health insurance coverage. The Act included provisions to ensure that health plans carry forward health benefits from one employer to another. This means that employees can change jobs without losing their health insurance coverage, promoting labour market mobility.
In addition to HIPAA, other legislative efforts to address health insurance-related job lock include the Consolidated Omnibus Budget Reconciliation Act of 1985 (COBRA). However, these efforts have had limited success in ensuring the affordability of health insurance, which is the main cause of job lock.
The implementation of the Affordable Care Act (ACA) has further helped to break the bonds of job lock by guaranteeing coverage on the individual market. Under the ACA, anyone can enrol in coverage through the health insurance marketplace within 60 days of losing health insurance coverage, even if they leave their job by choice. This has provided employees with more freedom and flexibility in their career choices, no longer having to stay in a job just to keep their health benefits.
The Exciting Journey of a Bill to a Law
You may want to see also
The Privacy Rule defines Protected Health Information (PHI) and stipulates permissible uses and disclosures
The HIPAA Privacy Rule was published in 2002 and defines Protected Health Information (PHI) as any information, including demographic data, that relates to:
- An individual's past, present, or future physical or mental health or condition.
- The provision of health care to an individual.
- The past, present, or future payment for the provision of health care to an individual.
PHI also includes many common identifiers such as name, address, birth date, and Social Security Number.
The Privacy Rule stipulates that a covered entity may not use or disclose PHI, except when the Rule permits or requires it, or when the individual who is the subject of the information authorises it in writing. The Rule also gives individuals rights over their PHI, including the right to request copies of their PHI, request corrections, and request an accounting of disclosures.
The Rule permits uses and disclosures of PHI for the following purposes:
- To the individual.
- Treatment, payment, and health care operations.
- Incident to an otherwise permitted use and disclosure.
- Public interest and benefit activities.
- Limited data set for the purposes of research, public health, or health care operations.
Oklahoma's Law-Making Process: A Bill's Journey
You may want to see also
Frequently asked questions
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law on August 21, 1996, by President Bill Clinton.
HIPAA was created to "improve the portability and accountability of health insurance coverage" and the Act introduced a number of measures to ensure the continuity of coverage between jobs, guarantee coverage for employees with pre-existing conditions, and prevent "job lock" – a scenario in which plan members stayed in a job to avoid losing health benefits.
PHI stands for Protected Health Information. The HIPAA Privacy Rule defines PHI as individually identifiable health information that is held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.
