What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was created by the U.S. Congress in 1996 to amend both the Employee Retirement Income Security Act (ERISA) and the Public Health Service Act (PHSA). HIPAA was enacted to protect individuals covered by health insurance and set standards for the storage and privacy of personal medical data.
Key Takeaways
- HIPAA influences policies, technology, and record-keeping at medical facilities, health insurance companies, HMOs, and healthcare billing services.
- Noncompliance with HIPAA’s standards and best practices is illegal.
- The HITECH Act, established in 2009, expanded HIPAA privacy and security protections for patients.
How HIPAA Works
HIPAA ensures that individual healthcare plans are accessible, portable, and renewable. It sets standards and methods for how medical data is shared across the U.S. health system to prevent fraud. It preempts state law unless state regulations are more stringent.
Since 1996, HIPAA has been updated to include processes for safely storing and sharing patient medical information electronically. Additionally, administrative simplification provisions increase efficiency and reduce administrative costs by establishing national standards.
In 2009, the Health Information Technology for Economic and Clinical Health Act (HITECH) broadened HIPAA privacy and security protections. The HITECH Act, part of the American Recovery and Reinvestment Act of 2009, promotes the use of health information technology and addresses associated privacy and security concerns.
The Future of HIPAA
In 2018, concerns regarding the privacy risks of digital healthcare data prompted discussions about potential updates to federal laws. In an era when fitness-tracking apps and GPS-tracked data record individuals’ daily steps, heart rates, medications, allergies, and even menstrual cycles, upholding standards for storing and protecting personal medical data presents new challenges.
Nan Halstead, a health privacy and security attorney, commented that future laws will likely use HIPAA’s framework as a model for new regulations governing the digital sector. While no new federal laws have been enacted yet, states are passing laws to fill the gaps in the meantime. Furthermore, companies tracking consumer data are currently subject to supervision by regulatory bodies like the U.S. Food and Drug Administration (FDA) and the Federal Trade Commission (FTC).
Related Terms: HITECH Act, data security, healthcare, PHSA.