The trusted source for
healthcare information and
Final rules to be in place by February
The Health Insurance Portability and Account ability Act of 1996 (HIPAA) has its roots in President Clinton’s plan to provide universal health insurance for all Americans.
When those efforts failed, Congress passed HIPAA, also known as the Kennedy-Kassebaum Act. The act originally was intended to make it easier for people to move their health insurance from one employer to another. However, in passing the act, Congress considered the underlying problems in the infrastructure within which health insurance is provided and managed.
"The basic issue is that the health insurance industry operates much the same way any other free market for-profit sector does. It is made up of competing private institutions that don’t always do things in the same way," says John Knapp, an attorney specializing in health care issues with the Philadelphia law firm of Cozen and O’Connor.
"This puts a tremendous burden on health care providers to deal with a myriad of different requirements for maintaining records, filing claims, and interfacing with insurers," he adds.
A major issue was the fact that there were no rules about privacy, security, and confidentiality measures, or who had access to patient information, how it could be shared, and what patient consent was needed.
Congress decided that the health insurance portability issue needed to be addressed immediately, and passed the bill with a three-year deadline (Aug. 21, 1999) for Congress to pass subsequent legislation on protecting privacy and ensuring confidentiality of electronically stored medical information.
"Congress recognized that administrative simplification was in some ways going to open a Pandora’s box. As you move insurers and pro vi ders to utilize electronic exchange of information, this would mean that more and more private, sensitive information about people’s health status would exist on electronic data bases," Knapp says.
The administrative simplification standards have been developed and released in several stages, beginning in August 1997. The act stipulated that if Congress failed to act by the deadline, the secretary of Health and Human Services would release privacy and confidentiality standards, which would become final by February 2000.
Because Congress failed to act before the August 1999 deadline to set privacy and confidentiality standards, Secretary of Health and Human Services Donna Shalala proposed the privacy standards in late October. The proposed standards will be open for public comment for 60 days, with the final regulations scheduled to be published by Feb. 21, 2000.
The Clinton administration has urged Congress to pass legislation that will give HHS authority to protect all medical records, including those that are maintained in paper form, and to pass legislation that will give the public the right to sue when their medical information is used inappropriately.
One sensitive issue that has not yet been decided is whether federal standards will pre-empt state standards, Knapp says.
And, he adds, don’t count Congress out yet.
"They still may extend the deadline or come up with standards that put their own point of view into place," Knapp says.