The history of HIPAA started when the Health Insurance Portability and Accountability Act, originally known as the Kennedy-Kassebaum Bill, became law in 1996. Its purpose was twofold. First, to help people carry their health insurance from one company to the next. Second, to streamline the movement of medical records from one healthcare institution to another.
In addition, HIPAA created a system to recognize and enforce the rights of patients to protect the privacy of their medical records.
HIPAA is a series of laws that have required healthcare organizations to invest time and money into training for strict compliance. Although this can be a lengthy and arduous effort for those in the healthcare industry, for patients it creates an additional level and sense of security. By learning about HIPAA’s background, people can better understand what it is and how it can benefit them and their families.
History of HIPAA
The history of HIPAA starts in the early 1990s, when it first became apparent that the medical industry would become more efficient by computerizing medical records. The industry also needed new standards regarding the management of healthcare data. These standards included rules regarding the portability of medical information as well as the establishment and protection of a patient’s right to medical privacy.
There was also the issue of ensuring that people could keep their health care coverage when they left their jobs. HIPAA resulted from efforts to address these concerns, and was passed by Congress and signed by President Bill Clinton.
While the law itself was passed in 1996, the actual details of the law were left to future specifications by Congress, as well as the Secretary of Health and Human Services. As a result, the history of HIPAA involved a few extra steps before it became the law we know today.
In 1999, these groups finalized the first aspect of HIPAA, the Privacy Rule. Next came the Transaction and Code Sets Final Rule, in 2000, followed by the Security Rule and the National Provider Identifier, or Unique Identifiers, rule. The Enforcement Rule specification was, as of 2006, the last part to be finalized in detail.
HIPAA breaks down into two categories, Title I and Title II. Title II breaks down further into several different rules.
- Title I is called “Health Care Access, Portability, and Renewability” and it deals with health care plans and policies. It regulates the length of the “exclusion” period, the time that health insurers can delay coverage for pre-existing conditions. It also provides ways for policy holders to reduce the exclusion period. This part of the law also enables people to carry their insurance from one job to the next.
- Title II is called “Preventing Health Care Fraud and Abuse” and it is made up of five separate Rules: the Privacy Rule, Transactions and Code Sets Rule, Security Rule, Unique Identifiers or National Provider Rule, and the Enforcement Rule.
HIPAA Requirements for Compliance
To comply with HIPAA patient privacy regulations, there are a number of steps that health care providers and insurance companies must take. While HIPAA has a long history, it is more than likely to have a long future as well. Knowledge about the requirements it entails is beneficial for any business that interacts with the law.
One of the requirements is a HIPAA Compliance Officer who has taken a training course in compliance. This person will be the one responsible for staying on top of HIPAA requirements, and ensuring legal compliance. Employees need to stay updated on policies that pertain to the organization as well. This may require ongoing training for the staff.
HIPAA requires that organizations safeguard patient data against unauthorized access and disclosure. This involves implementing a number of security measures to prevent physical and network-based intrusions. In the event of a security breach, the law requires organizations to report the incident and to inform those patients and clients whose information may be affected.
HIPAA Complaints and Violations
In the event of a violation of the HIPAA law, patients are given options to file a complaint. This primarily involves contacting the Office for Civil Rights (OCR). The OCR has the authority to investigate allegations of violations and to enforce the law, particularly the Privacy Rule.
Affected parties must file a written and detailed complaint on paper, sent through U.S. Mail, by email, or by fax within 180 days of the incident, although some deadline exceptions may be granted. HIPAA also forbids retaliation against, or harassment of, those who file complaints.
Punishments for HIPAA violations can include hefty fines, or in the case of willful or egregious violations, imprisonment. In some cases, HIPAA allows for additional punishments at the state level.
For instance, California allows for additional fines, such as $250,000 for disclosure of a person’s medical information for financial gain, and also allows affected parties to file a civil lawsuit.
Looking for Help With Your Medical Records Management?
There are several electronic medical record systems that a practice can employ to comply with HIPAA laws and regulations. We offer several options to help make this sometimes difficult transition as painless as possible. Our services include:
Our medical record imaging process is HIPAA and HITECH compliant. We can scan medical charts, business files, patient records, and more. Our nationwide network also offers optical character recognition and redaction services.
Our pre-screened network of record storage professionals specializes in helping you stay in compliance and minimize your storage costs.
Medical practices can use specialized electronic medical records (EMRs) for managing individual records in a larger electronic health records (EHR) system. We specialize in making the transition to an EMR simple and cost-effective for practices of all sizes.
Let our experts navigate you through all the acronyms and options so your practice can begin using an EHRS.
Get Free Quotes On Medical Record Scanning & Storage Services
Record Nations can help you find a reputable local medical record scanning partner that can handle your project quickly, efficiently and securely. Let us help you get more organized and eliminate the costs associated with digital paper document management today.
If you’d like free, no-obligation quotes on medical record scanning or storage, or are looking for help importing electronic medical records into an EHR, fill out the form to the right, give us a call at (866) 385-3706, or contact us directly using our live chat. Within minutes, we’ll connect you with an expert in your area.