Given the extra effort and costs that the Health Insurance Portability and Accountability Act (HIPAA) imposes on organizations in the healthcare space, not to mention the restrictions that it places on doctors, administrative staff, and other healthcare employees, people could be forgiven for asking what good it serves and why HIPAA was introduced. Is HIPAA providing a value that is greater than the burdens associated with compliance?
Why was HIPAA Introduced?
Originally, the goal of HIPAA was to safeguard health insurance coverage for people who were between jobs so that they were not completely unprotected or dependent on employers for healthcare. Additionally, HIPAA proposed the introduction of laws that aimed to better protect people’s personal information and their healthcare data in order to reduce the opportunities for insurance fraud. While these exact provisions were not brought into force along with the first iteration of HIPAA in 1996, they did eventually come into effect a few years later.
A major advance that was ushered in by HIPAA was the standardization of certain aspects related to healthcare administration which led to valuable gains in efficiency that benefited both patients and healthcare organizations. Things such as code sets for treatments or diseases and elements used in the identification of patients were adopted and this enabled data to be transferred more smoothly and intelligibly among healthcare providers and insurance companies or brokers. The treatment of payments, coverage inquiries, and other areas were greatly improved by this step.
HIPAA did not just address subjects pertaining to the direct provision of healthcare and insurance, it also reviewed and revised some issues relating to taxation and borrowings based on life insurance policies. Under HIPAA, the interest accrued on such loan was no longer tax deductible. Minimum criteria were established for group health insurance plans and certain taxation questions concerning medical savings accounts were clarified.
As it exists as part of a larger legislative framework, HIPAA also includes parts that pertain to other laws and legal requirements. These include the Public Health Service Act, Employee Retirement Income Security Act, and more recently, the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Patient Privacy and Data Security
In a general context, HIPAA is credited with improving the safety of people’s healthcare information and increasing the level of protection guarding their data. Perhaps the most important parts of these aspects of HIPAA came into force with the HIPAA Privacy Rule in the year 2000 and the HIPAA Security Rule in 2003. Further steps to help patients be more confident and knowledgeable about the safety of their data came into force with the Breach Notification Rule in 2009.
The Privacy Rule restricted how and with who patient data could legally be shared. It also granted patients more control over their data by allowing them access to copies of the information, potentially allowing them to change insurance or healthcare provider more easily. The Security Rule put minimum standards in place that aim to protect information that is electronically stored or transferred.
To sum up, HIPAA was introduced to make the healthcare industry more efficient, to help people to keep their insurance coverage, and to protect patient’s privacy and data.