The History of HIPAA & the Consequences of a HIPAA Violation

The Health Insurance Portability and Accountability Act, or HIPAA, originally known as the Kennedy-Kassebaum Bill, is a set of regulations that became law in 1996.

Its purpose is to help people carry their health insurance from one company to the next, as well as streamline the movement of medical records from one healthcare institution to another.

In addition, HIPAA created a system to recognize and enforce the rights of patients to protect the privacy of their medical records.

HIPAA is a series of laws that have required healthcare organizations to invest time and money into training for strict compliance.

Although this can be a lengthy and arduous effort for those in the healthcare industry, for patients it creates an additional level and sense of security.

By learning about HIPAA’s background, people can better understand what it is and how it can benefit them and their families.

History of HIPAA

The roots of HIPAA stem from the early 1990s, when it first became apparent that the medical industry would become more efficient by computerizing medical records.

In addition, the industry also needed new standards regarding the management of healthcare data.

These standards included rules regarding the portability of medical information as well as the establishment and protection of a patient’s right to medical privacy.

There was also the issue of ensuring that people could keep their health care coverage when they left their jobs.

HIPAA, the law that resulted from efforts to address these concerns, was passed by Congress and signed by President Bill Clinton.

While the law itself was passed in 1996, the actual details of the law were left to future specifications by Congress, as well as the Secretary of Health and Human Services.

The Privacy Rule was the first aspect of HIPAA to be finalized in 1999. Next came the Transaction and Code Sets Final Rule, in 2000, followed by the Security Rule and the National Provider Identifier, or Unique Identifiers, rule.

The Enforcement Rule specification was, as of 2006, the last part to be finalized in detail.

HIPAA Regulations

HIPAA is a series of regulations governing the transfer of medical information, particularly its modernization by implementing electronic medical record systems.

In addition, it also addresses the issues of health insurance portability and patient privacy rights.

The law is broken up into Title I and Title II, the latter of which is also broken up into separate Rules.

  • Title I is called “Health Care Access, Portability, and Renewability” and it deals with health care plans and policies. Title I regulates the length of the “exclusion” period, the time that health insurers can delay coverage for pre-existing conditions, and also allows ways for policy holders to reduce the exclusion period. Title I also enables people to carry their insurance from one job to the next.
  • Title II is called “Preventing Health Care Fraud and Abuse” and it is made up of five separate Rules: the Privacy Rule, Transactions and Code Sets Rule, Security Rule, Unique Identifiers or National Provider Rule, and the Enforcement Rule.

HIPAA Requirements for Compliance

To comply with HIPAA patient privacy regulations, there are a number of steps that health care providers and insurance companies must take.

  1. The law requires a company to have a HIPAA Compliance Officer who has taken a training course in compliance. This person is ultimately responsible for staying on top of HIPAA requirements and ensuring that the organization is following the law.
  2. Employees need to be kept up to date on policies that pertain to the organization. This may also require ongoing training for the staff.
  3. HIPAA requires organizations to safeguard patient data against unauthorized access and disclosure. This involves implementing a number of security measures that are adequate to prevent physical and network-based intrusions.
  4. In the event of a security breach, organizations are required by law to report the incident and to inform those patients and clients whose information may be affected.

HIPAA Complaints and Violations

In the event of a violation of the HIPAA law, patients are given options to file a complaint. This primarily involves contacting the Office for Civil Rights (OCR). The OCR has the authority to investigate allegations of violations and to enforce the law, particularly the Privacy Rule.

Affected parties are required to file a written and detailed complaint on paper, through the U.S. Mail, via email or by fax within 180 days of the incident, although some deadline exceptions may be granted. HIPAA also forbids retaliation against, or harassment of, those who file complaints.

Punishments for HIPAA violations can include hefty fines, or in the case of willful or egregious violations, imprisonment. HIPAA allows for additional punishments to be administered at the state level.

For instance, California allows for additional fines, such as $250,000 for disclosure of a person’s medical information for financial gain, and also allows affected parties to file a civil lawsuit.

Looking for Help With Your Medical Records Management?

There are several electronic medical record systems that a practice can employ to comply with HIPAA laws and regulations.

If your practice is looking to computerize its system, we offer several options to help make this sometimes difficult transition as painless as possible. Our services include:

Medical Record Scanning

Our medical record imaging process is HIPAA and HITECH compliant. We can scan medical charts, business files, patient records, and more. Our nationwide network also offers optical character recognition and redaction services.

Medical Records Storage

Our pre-screened network of record storage professionals specializes in helping you stay in compliance and minimize your storage costs. Get free quotes today.


Electronic Medical Records

Medical practices can use specialized electronic medical records (EMRs) for managing individual records in a larger electronic health records (EHR) system. We specialize in making the transition to an EMR simple and cost-effective for practices of all sizes.

EHR

Let our experts navigate you through all the acronyms and options so your practice can begin using EMRs and reach the meaningful use requirements in HITECH.


Get Free Quotes On Medical Record Scanning & Storage Services

Record Nations can help you find a reputable local medical record scanning partner that can handle your project quickly, efficiently and securely. Let us help you get more organized and eliminate the costs associated with digital paper document management today.

If you’d like free, no-obligation quotes on medical record scanning or storage, or are looking for help importing electronic medical records into an EHR, fill out the form to the right, give us a call at (866) 385-3706, or contact us directly using our live chat.

Within minutes, you’ll be connected with an expert in your area that has a quote ready for your practice’s specific needs.