The History of HIPAA from A to Z

It’s important to know the history of the Healthcare Insurance Portability and Accountability Act (HIPAA) for a better understanding of the reason for its signing and why a lot of healthcare organizations and providers try to keep up with its standards. Also, knowledge of HIPAA history helps to understand how to hold on to the Rules to be compliant. Because the Act itself doesn’t provide strict rules on how to maintain compliance. Covered entities (CEs) mostly have to decide on their own.

There is no practical sense to write a large definition about what is the Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996. As we have a great article What is HIPAA?, where you can find answers to all your exciting questions concerning HIPAA, its rules, covered entities, and so on. So, let’s get straight to the history of HIPAA.

The Roadmap of Important Dates in The History of HIPAA

For better navigation in our article, we would like to provide you with a map of substantial dates in the HIPAA history in chronological order. We will organize the article according to this roadmap further. So, enjoy. 🙂

  1. 21st of August, 1996 – signing of the Healthcare Insurance Portability and Accountability Act (HIPAA) by then-president of the USA Bill Clinton.
  2. April, 2003 – imposing the HIPAA Privacy Rule.
  3. April, 2005 – the introduction of the Security Rule.
  4. March, 2006 – introducing The Enforcement Rule.
  5. February, 2009 – signing the HITECH Act by the president Barack Obama.
  6. September, 2009 – putting the HIPAA Breach Notification Rule into force.
  7. March, 2013 – imposing the currently final Omnibus Rule.

The signing of The Healthcare Insurance Portability and Accountability Act (HIPAA)

Bill Clinton, the ruling president of the US of that time, signed the Healthcare Insurance Portability and Accountability Act (HIPAA) on the 21st of August, 2021. The primary purpose of signing that act into law was to help a bigger number of Americans get health insurance and guarantee that workers who change jobs will not lose their insurance. The root cause of putting this act into force was the start of innovations of the data stream in the healthcare sphere. Under HIPAA, the Secretary of Health and Human Services (HHS) had to set up privacy and security regulations. It was the actual beginning of the Security and Privacy Rules.

The History of HIPAA: HIPAA Privacy and Security Rules

These two rules are landmarks of the HIPAA. The Privacy Rule was first suggested in 1999 to define conditions of usage and disclosure of the Protected Health Information (PHI) and give patients better access to their PHI. We have an article about interesting PHI facts, where you can extend your knowledge on the topic of Protected Health Information.

After its suggestion in 1999, Bill Clinton concluded the Rule at the end of his second term, on the 28th of December, 2000. Then HHS made a range of suggestions, including making the Office for Civil Rights administer all processes concerning HIPAA. But it still wasn’t the final version of the HIPAA Privacy Rule. In 2002 HHS sought public opinion on improvements to the rule. So, the U.S. Department of Health and Human Services announced the eventual rule in 2003. It considered all advancements for higher efficiency.

The History of HIPAA

As for the HIPAA Security Rule, HHS proposed it in 1998. But it also took some time to put it into force. The aim of this rule was to heighten the level of protected health information (PHI) safety. As healthcare providers and organizations exchange PHI and related information under HIPAA. After enacting the Security Rule, HHS gave some time for organizations to keep up with the standards.

The Enforcement Rule and HITECH Act

Introduced in 2006, the HIPAA Enforcement Rule’s aim was to study complaints on covered entities, that don’t keep up with HIPAA requirements and to set fines for non-compliance. If individuals think that a covered entity unlawfully shared their personal information and violated their rights seriously, they can file a civil suit against it.

Also, HHS decided to set penalties on those covered entities, which experienced ePHI breaches. In case they held on to the Safety and Privacy Rules properly, they wouldn’t have such accidents. 

As for the HITECH Act, or fully the Health Information Technology for Economic and Clinical Health Act, it was introduced in less than a month after the start of Barack Obama’s presidential term. The aim of this act was to stimulate health organizations and providers to implement Electronic Health Records (EHRs) into their workflow. Later HHS also developed a scheme of penalizing covered entities for non-compliance, so fines turned out to be much bigger.

The HIPAA Breach Notification and Omnibus Rules

The Breach Notification Rule was introduced in 2009. It stated, that all ePHI breaches, which cause damage to more than 500 patients, should be immediately reported to the Office for Civil Rights (OCR) and injured parties.

Regarding the Omnibus Rule, it was a kind of a summarizing of all improvements of the Rules signed into law before. The U.S. Department for Health and Human Services introduced it in 2012. But they finally put this rule into force a year later. There were plenty of security and privacy updates, but the main change was about Business Associate Agreement. Under the HIPAA Omnibus Rule, business associates (BAs) should be HIPAA Compliant, because they manage PHI and ePHI. So, they should approve their Compliance by signing the Business Associate Agreement.

Where Do Things with HIPAA Stand Today?

The History of HIPAA

About 9 years passed since the last Rule was enforced. The cybersecurity landscape is shifting, causing the healthcare field to adjust. So, HIPAA also can’t stand in the same place. Possible changes to the Privacy Rule are still discussed. So, this year the Final Rule with all suggested improvements is expected. You can find out the main predictions of specialists in 2022 in our recent news article

Check out our blog to stay informed!

We will be happy to hear your thoughts

Leave a reply

hipaa-software.com
Logo
Register New Account
Reset Password
Compare items
  • Total (0)
Compare