In its earliest form, HIPAA had three main objectives:
- To ensure the portability of health data and make sure that health insurance coverage was maintained by individuals when they were between jobs.
- To improve efficiency in healthcare, eliminate wastage, and combat healthcare fraud.
- To make healthcare organizations accountable for health data and ensure that health data such as medical records were protected. HIPAA introduced standards that must be followed to ensure the confidentiality, integrity, and availability of healthcare information.
In order to achieve these aims, HIPAA required a major reform of the healthcare industry. HIPAA called for the Department of Health and Human Services to develop a set of standards for the healthcare industry to adopt, which are commonly referred to as the HIPAA Rules.
Initially there were four main HIPAA Rules covering healthcare transactions and code sets, identifiers, privacy, and security. The HIPAA Rules for Transactions, code sets, and identifiers were intended to improve efficiency, eliminate wastage and save healthcare organizations time and money by standardizing the electronic exchange of health information. These standard formats and code sets replaced payer-specific and location-specific data formats and requirements.
HIPAA is now best known for its Privacy and Security Rules. The HIPAA Privacy Rule covers the allowable uses and disclosures of healthcare information and gives patients the right to obtain copies of their healthcare data. Compliance with the HIPAA Privacy Rule became mandatory on April 14, 2013.
The HIPAA Security Rule sets minimum standards that HIPAA-covered entities must meet to ensure healthcare data is properly protected and cannot be accessed by unauthorized individuals. Compliance with the HIPAA Security Rule became mandatory on April 14, 2015.
Naturally, to ensure healthcare organizations comply with the HIPAA Rules there must be consequences for noncompliance. In March 2016, the HIPAA Enforcement Rule took effect. The HIPAA Enforcement Rule gave the Department of Health and Human Services’ Office for Civil Rights the authority to issue financial penalties to healthcare organizations that fail to comply with HIPAA Rules. Today, HIPAA compliance is rigorously enforced by the HHS’ Office for Civil Rights and state Attorneys General and stiff financial penalties and sanctions are issued for compliance failures.
Thanks to HIPAA, the healthcare industry is more efficient, sensitive health information is better protected, patients’ privacy is assured, and Americans have greater control over their healthcare data.