HIPAA: Why We Needed It and What It Does

The Health Insurance Portability and Accountability Act (HIPAA) was introduced in 1996 by President Clinton. Its effects are broad and far-reaching, and it represents a major form of healthcare reform before the Affordable Care Act. When most people think of HIPAA, they think of privacy rules for patient information—but actually, HIPAA was introduced to help ensure coverage for people who changed jobs or lost their jobs. Prior to the introduction of HIPAA, there were no national-level safeguards for this, and insurers could and often did exclude pre-existing conditions for people who changed jobs (and thus insurance plans) or lost their jobs.

One of the most significant aspects of HIPAA is Title I, which introduced coverage safeguards for employees and their families when they left their jobs. It required the coverage of pre-existing conditions when an employee was forced to change health insurance because of a change in employment, and put limits on the ways group health plans could use pre-existing conditions in the first place.

It did allow group health plans to exclude pre-existing conditions from coverage for a period of 12 or 18 months, depending on when the insured enrolls in the new plan; insureds could reduce the time of exclusion if they had insurance coverage before enrolling in the new insurance policy and didn’t experience a “significant break” in coverage, defined as a 63-day period of being uninsured.

The second part of HIPAA relates to privacy of patient information, introducing major legal penalties for anyone who violates patient privacy. This part of the law did not go into full effect until 2003; up until then, there was no national-level standard for protecting patient information.

Under the HIPAA Privacy Rule, “Protected Health Information” (PHI) held by health insurers and other medical service providers must be disclosed to the patient within 30 days upon request and to third parties under certain other circumstances, such as for the sake of the insured’s health care, in cases of suspected child abuse, or to help law enforcement solve a case; however, outside of these circumstances, this data must be protected and released only upon the patient’s written authorization.

Another major aspect of HIPAA is the Transactions and Code Sets Rule, which attempts to standardize health care transactions and reduce administrative overhead. This was seen as a way to reduce confusion in the system, administrative delays to care, and the cost of providing care.

HIPAA has an enforcement rule that mandates procedures for investigating violations and running hearings. While these rules are enforceable in both civil and criminal courts, in practice it’s difficult for patients to get the government to take action in response to privacy violation complaints.

Violations are not unheard of. The most common type of violation is the misuse or inappropriate disclosure of patient health information, or inadequate safeguards to protect digital information. Private practices are generally found to be the worst violators as a whole, followed by hospitals, outpatient facilities, insurers, and pharmacies.

HIPAA was designed to simplify administrative tasks, but with the complexity of the law and the potential for high fines if the law is violated, it may have driven up health care costs rather than reducing them. In addition, although the fines for violation can be steep, many violators are not punished. Consequently, HIPAA can be seen as both successful—in that it has made strides in improving access to healthcare coverage for those who switched jobs and had pre-existing conditions, and it introduced much-needed rules about the privacy of patient data. However, it isn’t a perfect solution to the entrenched problems of the US healthcare system.

Want to know more about health insurance issues? Check out our health insurance continuing education classes.

This entry was posted in Insurance and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *