The History of HIPAA & the Consequences of a HIPAA Violation

The History of HIPAA

The history of HIPAA started when the Health Insurance Portability and Accountability Act, originally known as the Kennedy-Kassebaum Bill, became law in 1996. Its purpose was twofold.

First, to help people carry their health insurance from one company to the next. Second, to streamline the movement of medical records from one healthcare institution to another. In addition, HIPAA created a system to recognize and enforce the rights of patients to protect the privacy of their medical records.

HIPAA is a series of laws that have required healthcare organizations to invest time and money into training for strict compliance. Although this can be a lengthy and arduous effort for those in the healthcare industry, for patients it creates an additional level and sense of security. By learning about HIPAA’s background, people can better understand what it is and how it can benefit them and their families.

History of HIPAA

The history of HIPAA started in the early 1990s when it first became apparent that the medical industry would become more efficient by computerizing medical records. The industry also needed new standards regarding the management of healthcare data. These standards included rules regarding the portability of medical information as well as the establishment and protection of a patient’s right to medical privacy.

There was also the issue of ensuring that people could keep their health care coverage when they left their jobs. HIPAA resulted from efforts to address these concerns and was passed by Congress and signed by President Bill Clinton.

While the law itself was passed in 1996, the actual details of the law were left to future specifications by Congress, as well as the Secretary of Health and Human Services. As a result, the history of HIPAA involved a few extra steps before it became the law we know today.

In 1999, these groups finalized the first aspect of HIPAA, the Privacy Rule. Next came the Transaction and Code Sets Final Rule, in 2000, followed by the Security Rule and the National Provider Identifier, or Unique Identifiers, rule. The Enforcement Rule specification was, as of 2006, the last part to be finalized in detail.

HIPAA Regulations

HIPAA breaks down into two categories, Title I and Title II. Title II breaks down further into several different rules.

  • Title I is called “Health Care Access, Portability, and Renewability” and it deals with health care plans and policies. It regulates the length of the “exclusion” period, the time that health insurers can delay coverage for pre-existing conditions. It also provides ways for policyholders to reduce the exclusion period. This part of the law also enables people to carry their insurance from one job to the next.
  • Title II is called “Preventing Health Care Fraud and Abuse” and it is made up of five separate Rules: the Privacy Rule, the Transactions and Code Sets Rule, the Security Rule, the Unique Identifiers or National Provider Rule, and the Enforcement Rule.

HIPAA Requirements for Compliance

To comply with HIPAA patient privacy regulations, there are several steps that healthcare providers and insurance companies must take. While HIPAA might have a long history, it is more than likely to have a long future as well. Knowledge about the requirements it entails is beneficial for any business that interacts with the law.

One of the requirements is a HIPAA Compliance Officer who has taken a training course in compliance. This person will be the one responsible for staying on top of HIPAA requirements and ensuring legal compliance. Employees need to stay updated on policies that pertain to the organization as well. This may require ongoing training for the staff.

HIPAA requires that organizations safeguard patient data against unauthorized access and disclosure. This involves implementing several security measures to prevent physical and network-based intrusions. In the event of a security breach, the law requires organizations to report the incident. Additionally, they need to inform those patients and clients whose information may be affected.

HIPAA Complaints and Violations

In the event of a violation of HIPAA, patients are given the option to file a complaint. This primarily involves contacting the Office for Civil Rights (OCR). The OCR has the authority to investigate allegations of violations and to enforce the law, particularly the Privacy Rule.

Affected parties must file a written and detailed complaint on paper, sent through mail, by email, or by fax within 180 days of the incident. However, some deadline exceptions may be granted. HIPAA also forbids retaliation against, or harassment of, those who file complaints.

Punishments for HIPAA violations can include hefty fines, or in the case of willful or egregious violations, imprisonment. In some cases, HIPAA allows for additional punishments at the state level. For instance, California allows for additional fines, such as $250,000 for disclosure of a person’s medical information for financial gain. It also allows affected parties to file a civil lawsuit.

Keep in Compliance With HIPAA With Record Nations

Record Nations can help you find a reputable local medical record scanning partner that can handle your project quickly, efficiently, and securely. Let us help you get more organized and eliminate the costs associated with digital paper document management today.

If you’d like free, no-obligation quotes on medical record scanning and storage, or are looking for help importing electronic medical records into an EHR, fill out the form, give us a call at (866) 385-3706, or contact us directly using our live chat. Within minutes, we’ll connect you with an expert in your area.
