Looking Back at the 25th Anniversary of HIPAA

On August 21, 1996, that is 25 years ago, President Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) into law. Not many people then would have thought that the HIPAA would develop into the all-inclusive national health privacy legislation that it is nowadays.

It is hard to dispute that the HIPAA isn’t a total success, however, the legislation has drawn a reasonable number of criticism through the years, particularly at first because of the substantial administrative burden it put on healthcare companies. Overall, the enhancements to medical care that have resulted from HIPAA compliance more than offset the disadvantages.

The biggest achievements are the enhancements to patient privacy and information security, the privileges given to patients with regard to their healthcare information, better effectiveness in the healthcare system, and modifications that have aided to minimize waste and healthcare scams. The enhancements have typically been made for a fairly small cost.

HIPAA undoubtedly has its advantages, however, there are also restrictions that have become more and more obvious in recent years and even today, 25 years after introducing the legislation, there’s still confusion concerning what compliance involves. It is valuable to have a short review of the story of HIPAA and how it has changed through the years.

A Short History of HIPAA

HIPAA was at first created to enhance the portability of medical insurance coverage for workers between jobs, to avoid waste, scams and abuse in medical insurance and medical care delivery, to encourage the usage of medical savings accounts by bringing out tax breaks, and to streamline the management of medical insurance coverage. The law was later improved with new Rules that cover the privacy and security of healthcare information.

In the beginning, HIPAA is only applicable to a restricted number of entities in the healthcare sector – healthcare companies, healthcare clearinghouses,
and health plans that only send healthcare information in electronic form for particular transactions for which the HHS retains criteria. The Health Information Technology for Economic and Clinical Health (HITECH) Act extended the coverage of HIPAA to include business associates of HIPAA-covered entities or third-party companies that get access to protected health information (PHI) as part of the services or products provided to covered entities.

Crucial updates to HIPAA are listed below:

  • August 1996 – Signing into Law of the HIPAA by President Bill Clinton
  • April 2003 – Effective Date of the HIPAA Privacy Rule
  • April 2005 – Effective Date of the HIPAA Security Rule
  • March 2006 – Effective Date of the HIPAA Enforcement Rule
  • September 2009 – Effective date of HITECH and the Breach Notification Rule
  • March 2013 – Effective Date of the Final Omnibus Rule