What is HIPAA?

Losing your job is hard enough. But what if you lost your healthcare insurance along with it? And there were no standardized ways to keep or transfer your health information? Although this scenario may seem hard to fathom today, in the not-so-distant past the loss of employer-based health insurance and irregular recordkeeping were very real fears. The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to address many concerns around health records and coverage. There are five sections (“titles”) to the act:

Title I: HIPAA Health Insurance Reform | Health care access, portability and renewability

Title I was implemented to address the availability of health insurance for individuals. In other words, it protects patients who might otherwise not have access to health insurance. It requires that during a change or loss of job, the employee may still have access to his insurance plan.

Title II: HIPAA Administrative Simplification| Preventing health care fraud and abuse; administrative simplification; medical liability reform

Title II requires the Department of Health and Human Services (HHS) to develop standards for the use and dissemination of healthcare information, a stipulation that resulted in the creation of the Privacy Rule and Security Rule. Both are intended to prevent health care fraud and abuse. The Privacy Rule establishes national standards for the protection of certain health information known as Protected Health Information (PHI). The Security Rule establishes a national set of security standards for ePHI, protected information that is stored or transferred electronically.

Title III: HIPAA Tax-Related Health Provisions

This title adjusts laws regarding health insurance and medical deductions. The most important example of this might be the standardization of the amount that may be saved per person in a pre-tax medical savings account (MSA). Since 1997, MSAs have been available to employees covered under an employer-sponsored high deductible plan of a small employer and self-employed individuals.

Title IV: Application and Enforcement of Group Health Plan Requirements

Title IV specifies that employees cannot be denied coverage due to preexisting conditions or medical history.

Title V: Revenue Offsets

This title makes special provisions regarding company-owned life insurance, treatment of expatriated individuals, and also repeals the IRC’s financial institution rule to interest allocation rules.

HIPAA affects all organizations that directly maintain and transmit protected health information. These include hospitals, healthcare providers, laboratories, health insurance companies, pharmacies and more. The Privacy and Security Rules have impacted the way these organizations operate and changed the landscape of healthcare treatment.

Some critics argue that HIPAA has built roadblocks that impede healthcare research, as healthcare organizations cannot perform studies based on patient chart data without consent. They claim that this has driven up costs of recruitment for studies and surveys.

Critics also point out that since patient data cannot be shared between healthcare providers without patient permission, some records are not transferred in a timely manner. Many people point to the complexity of implementing HIPAA as cause for increased expenses for healthcare providers.

On the other hand, many say HIPAA has bolstered information security in those same organizations. Standards for patient confidentiality and healthcare information have been established across organizations and information transfer is more secure and efficient. As a result of HIPAA, patients and their information are more protected than ever before.

HIPAA has become an ingrained part of the US healthcare system, impacting the millions who depend on hospitals, physicians, and other providers for life-saving treatments. Understanding HIPAA is key to understanding healthcare in America.

Resources:
https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act