It’s good to know about the beginnings of the Health Insurance Portability and Accountability Act (HIPAA) and how it has changed over the years. HIPAA was signed into law on August 21, 1996, by President Bill Clinton. The aim of this legislation is to improve health insurance coverage of employees. HIPAA helped prevent waste, fraud and abuse in providing healthcare and health insurance. It also made the administration of healthcare simple yet efficient.
Since 1996, HIPAA has had the following major updates:
HIPAA Privacy Rule – This was proposed on November 3, 1999 but was signed into law on December 20, 2000. Covered entities were required to comply with the HIPAA Privacy Rule starting April 14, 2003. This rule provided a definition of Protected Health Information (PHI) and stipulated the proper use and disclosure of PHI. It required the implementation of appropriate safeguards to secure patient privacy. The rule also gave patients the right to get copies of their PHI.
HIPAA Security Rule – This was first proposed on August 12, 1998 but was signed into law on February 20, 2003. Compliance with the HIPAA Security Rule was mandated starting April 21, 2006. The primary concern of this rule is to have a national standard for securing electronic protected health information. It required covered entities and business associates to implement administrative, physical and technical safeguards to ensure the integrity, confidentiality and availability of PHI. It also required a risk analysis to be conducted to identify risks and reduce them to an acceptable level.
HITECH Act – The Health Information Technology for Economic and Clinical Health Act became law on February 17, 2009. Certain provisions of the HITECH Act, such as the higher penalties for violations of the HIPAA Rules, were implemented in the same month. The rest became enforceable starting February 27, 2010.
HIPAA Breach Notification Rule – This rule was created when the HITECH Act was incorporated into HIPAA. It required the notification of patients and plan members in case of a breach of their protected health information. Business associates were also required to comply with HIPAA Rules and were made accountable for violating them.
HIPAA Omnibus Rule – This rule was enacted on January 17, 2013. This incorporated many of the HITECH Act provisions into HIPAA. Compliance with this rule began on September 23, 2013.
HIPAA Enforcement Rule – This rule was introduced on March 16, 2006 and gave the Department of Health and Human Services’ Office for Civil Rights authority to enforce HIPAA. Hence, HHS has been pursuing covered entities that do not comply with the HIPAA Rules and issuing financial penalties.