HIPAA – 25 Years Later, What Has Changed?

Learn the facts of why, when, and how the Health Insurance Portability and Accountability Act (HIPAA) was created.

HIPAA was established to “improve the portability and accountability of health insurance coverage” for employees between jobs. In other words, it allows continuing coverage for people who lose their jobs. Interestingly enough, the part of HIPAA that most people are familiar with, the privacy rule, is only ONE of five parts of the law. Other objectives are to tackle waste, fraud, and abuse in health insurance. HIPAA also enabled the use of medical savings accounts by introducing tax incentives, and it provided coverage for employees who had pre-existing medical conditions. HIPAA covers a lot, and since its inception it has evolved to encompass even more than originally intended.

HIPAA Through the Years

HIPAA was signed into law on August 21, 1996. However, many significant updates have occurred since then. These changes and additions were mostly to keep up with modern tech and electronic medical records.

HIPAA Timeline

  • 1998 – Security and Electronic Signature Standards Rule proposed. Improved security standards for info stored by health plans, clearinghouses, and providers. Covered the use of electronic signatures.
  • 1999 – Privacy Rule proposed. Intended to improve privacy standards by restricting the disclosure of PHI to unauthorized individuals. Patients would be given better access to their own health data.
  • 2000 to 2002 – The Privacy Final Rule is issued; however, technical corrections and an extended comment period delayed its introduction.
  • 2003 – HIPAA Security Standards Final Rule Issued. Considered a big occasion, this prompted the healthcare industry to enact appropriate administrative, physical, and technical safeguards to protect electronic PHI.
  • 2005-2006 – HIPAA Enforcement Proposed Rule. Paved the way for investigations into HIPAA violations and the issuing of financial penalties, as well as a procedure for hearings.
  • 2008 – The Office for Civil Rights (OCR) is heavily criticized for its lack of investigations into HIPAA complaints and lack of fines. DHHS urges tougher enforcement.
  • 2009 – HITECH Act signed as part of the American Recovery and Reinvestment Act. Introduced incentives to improve information technology infrastructure and to encourage the use of electronic health records.
  • 2010 – HITECH enforcement begins with a $250,000 fine for a healthcare provider who lost an unencrypted hard drive containing the PHI of 1.5 million Americans.
  • 2011 – Omnibus Final Rule Finalized. Included major updates to HIPAA and additional provisions of HITECH.
  • 2013 – Omnibus Final Rule issued. Added changes to improve data security, further restrict access to ePHI, and prevent the use of PHI for marketing.
  • 2015 and beyond – The OCR has continued to conduct HIPAA compliance audits in the industry. New technology and more determined hackers are sure to prompt further HIPAA improvements to combat new challenges.

Now that you are all caught up on the history of secure personal health information – you are in the know and ready to make informed decisions. As organizations add new technology to their services, HIPAA security is a mandatory consideration. Choose customizable, HIPAA-compliant electronic forms from FormDr as part of your strategy to remain efficient and competitive in today’s healthcare market.