The trusted source for
healthcare information and
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has its roots in President Clinton’s plan to provide universal health insurance for all Americans. When those efforts failed, Congress passed HIPAA, also known as the Kennedy-Kassebaum Act. It originally was legislation intended to make it easier for people to move their health insurance from one employer to another.
"Instead of just making sure that health insurance was portable and that people couldn’t be denied coverage for existing conditions when they changed jobs, Congress took it as an opportunity to look at the health care market as a whole," says Janice Cunningham, a health care attorney with The Health Care Group, a Plymouth Meeting, PA, consulting firm.
A major issue was the fact that there were no rules about privacy, security, and confidentiality measures, or who had access to information, how it could be shared, and what patient consent was needed.
Congress decided that the health insurance portability issue needed to be addressed immediately and passed the law with a provision giving Congress until August 1999 to pass comprehensive legislation on protecting privacy and ensuring confidentiality of electronically stored medical information.
The act stipulated that if Congress failed to act by the deadline, the Secretary of Health and Human Services (HHS) would create regulations that standardize all electronic data interchange of health information and protect the security of electronic medical records. Since then, HHS has released proposed regulations in increments.
The rule "Transactions and Code Sets" was published in final form by HHS on Aug. 16. The rule provides standards for electronic transactions and code sets that health care providers and payers use to identify diagnoses, drugs, and procedures. When the rule goes into effect, all providers will use and all health plans must accept the same electronic transaction standards. Providers will have until Oct. 16, 2002 to comply with the regulations.
The privacy and security standards were first released in late October 1999 with a 60-day comment period. The final regulations were originally scheduled to be published by Feb. 21, 2000. However, HHS received so many comments from the public — more than 52,000 — that the final regulation. "We were expecting the final rule to be issues in the spring of 2000 but there were so many comments, it took the entire year," Cunningham says.