The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the establishment of national standards to protect sensitive patient health information from being disclosed without the consent or approval of the patient.
The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to enact HIPAA guidelines.
The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.
HIPAA was created to “improve the portability and accountability of health care coverage” for workers who change jobs.
HIPAA also worked to tackle fraud, abuse, and misuse in the health insurance and healthcare sectors.
The Act also included provisions to facilitate the use of medical savings accounts through tax breaks, to extend coverage for workers with pre-existing medical conditions, and to simplify health insurance administration.
The law is divided into Title I and Title II, and Title II is further divided into different Rules.
Title I deals with health care plans and policies and is titled “Health Care Access, Portability, and Renewability.”
Title I restricts the amount of time that health insurers can postpone coverage for pre-existing conditions and offers incentives for policy holders to shorten the exclusion duration.
Employees can also bring their insurance from one job to the next under Title I.
The Privacy Rule, Transactions and Code Sets Rule, Security Rule, Unique Identifiers or National Provider Rule, and Enforcement Rule are all part of Title II, named “Preventing Health Care Fraud and Abuse.”
Why was HIPAA passed?
The primary objective of HIPAA was to improve the efficacy and efficiency of the health care system.
HIPAA introduced new guidelines to enhance productivity in the healthcare industry, requiring healthcare organizations to follow the standards to minimize paperwork.
Since the introduction of the HIPAA Privacy Rule of 2000 and the HIPAA Security Rule of 2003, HIPAA has been best known for protecting patient privacy and ensuring patient data is appropriately protected.
The Breach Notification Rule, which went into effect in 2009, required that individuals be notified if their health information was breached.