What is HIPAA Law?
Health Information Privacy and Security
For almost everyone the word ‘HIPAA’ means law protecting the privacy of health information. And for almost everyone involved in health care including compliance professionals ‘HIPAA’ is considered complex and confusing. We think differently.
HIPAA Rules are Easy to Follow - Step-by-Step - When You Know the Steps
What is HIPAA?
HIPAA is shorthand for a federal law, the Health Insurance Portability and Accountability Act of 1996. That law covers a wide range of topics related to health care and privacy and security are mentioned only in a few sections. In 1996 Congress was most concerned about enabling people to keep their health insurance when they changed jobs, address related health insurance issues, prevent health care fraud and abuse and take advantage of the newly developed Internet by establishing standard electronic formats for the exchange of health information. It was a bi-partisan effort originally called the “Kennedy Kassebaum Act’ because its lead sponsors were Democrat Senator Ted Kennedy of Massachusetts and Republican Senator Nancy Kassebaum of Kansas. Privacy and security of individually identifiable health information was a last minute addition prompted by Republican Senator Christopher Bond of Missouri.
HIPAA Rules – and "HIPAA" in Everyday Use
The 1996 legislation authorized the Secretary of the Department of Health and Human Services to make regulations – administrative laws – called rules establishing national standards for protection of the privacy and security of individually identifiable health information. The first and most important rule known as the Privacy Rule became effective on April 14, 2003. That was when Americans began to receive a Notice of Privacy Practices from health care providers and health plans. Many called it the ‘HIPAA Notice’. From that day forward a word made up of the first letters of the 1996 law, ‘HIPAA’ has meant one thing – health information privacy.
HIPAA Law Continues To Develop
The original 1996 law has been amended, most notably by the HITECH Act in 2009, HIPAA Rules have been updated and the Department of Health and Human Services routinely issues guidance to explain how it interprets and enforces the HIPAA Rules. There are four HIPAA Rules governing health information privacy and security that will be explained in more detail below. They are:
- The Privacy Rule – the fundamental and most important rule;
- Security Rule;
- Breach Notification Rule; and
- Enforcement Rule.
Why Does HIPAA Seem So Complicated?
The current HIPAA Rules are made up of language that has been composed, argued about and modified piecemeal since the late 1990s. Their structure is hard to follow and they are written in dense ‘legalese’. In some cases internal citations in the HIPAA Rules to other sections of the rules are simply wrong. An example of the problems one sees when studying the rules comes from a 2013 government printing mistake that still has not been corrected. That mistake left the approved definition of an essential term out of the official text of the HIPAA Rules. That term is used repeatedly to describe required and detailed procedures for HIPAA administration, enforcement and investigations. The term is ‘Secretary’ (of the Department of Health and Human Services). Although the mistake could be fixed easily by publishing the approved definition of ‘Secretary’ as a simple technical correction in the Federal Register, lawyers are forced to research rule-making history to define the term accurately for clients.
We Make It Easy To Understand and Follow The HIPAA Rules
In order to find a practical way to understand and retrieve the HIPAA Rules easily, we analyzed each section, grouped them in logical order, broke them into manageable step-by-step parts and translated ‘legalese’ into plain language. Then we used technology to create a database and make every HIPAA topic easy to find by searching key words and phrases. That led us to build and program The HIPAA E-Tool® for delivery on the Internet so our system could be accessible and affordable everywhere. It’s a brand new way to deliver legal information and work with clients.