The Health Insurance Portability and Accountability Act, more commonly known as HIPAA, imposes a number of restrictions and requirements on the healthcare sector, but what is the purpose of HIPAA? Healthcare staff can be quite vocal on things prohibited by HIPAA, but are the gains worth the effort?
What is the Purpose of HIPAA?
Enacted in 1996, the original goal of HIPAA was to provide health insurance to people while they were between jobs. It also aimed to protect patient data and fight against fraud – but this rule was written later.
HIPAA obliged healthcare organizations to introduce common standards to improve administrative efficiency. Code sets being used with patients identifiers allowed for smoother sharing of information between organizations and insurers, facilitating billing, payments, and other tasks.
HIPAA also brought in requirements for group health plans and changed the tax rules relating to medical savings accounts and life insurance loans.
HIPAA regroups legislation from a number of other Acts, such as the Public Health Service Act, Employee Retirement Income Security Act, and, more recently, the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Health Data Privacy and Security
HIPAA’s most well known aspects are from 2000’s HIPAA Privacy Rule and 2003’s HIPAA Security Rule, which introduced protections for patients’ data and privacy. Legislation governing how people should be informed of disclosures of their health information came into force with 2009’s Breach Notification Rule.
The Privacy Rule restricted when protected health information (PHI) could be used or shared, under what circumstances this could be done, with whom, and when. This rule also allowed patients to request access to their information. The Security Rule added a number of safeguards to govern how data could be stored, sent, and accessed, as well as how this access could be monitored and controlled.
To sum up, what is the purpose of HIPAA? HIPAA aims to increase efficiency in the healthcare sector, facilitate the portability of health insurance, safeguard the privacy of individuals, protect healthcare data, and make sure people are informed when their data has been compromised.