When was HIPAA enacted?
Anyone who has worked in the healthcare sector is familiar with HIPAA and recognizes the value of protecting protected health information (PHI). Most people, however, are unaware of HIPAA’s history, including when it was enacted and how it has evolved.
HIPAA was enacted on August 21, 1996, when President Bill Clinton signed the legislation into law.
HIPAA was not easy to introduce, even though it ultimately gained enough support to pass. Originally known as the Health Insurance Reform Act, it was introduced in response to the rapidly changing healthcare system and an obvious need to simplify moving healthcare plans between employers.
While the law now protects other aspects of health privacy, it was initially meant to “improve the portability and transparency of health insurance coverage” when workers switched jobs.
HIPAA also held healthcare institutions responsible for patients’ health records and assisted in protecting personal health information.
HIPAA has eliminated fraud in healthcare by preventing misuse and theft in healthcare and insurance and simplifying healthcare administration.
HIPAA was introduced and signed into law in 1996. Still, there have been numerous changes to the legislation since then, including the implementation of the HIPAA Privacy Rule, the HIPAA Security Rule, and the HIPAA Omnibus Rule.
Many additional provisions were added to HIPAA regulations. As a result of these updates, patients’ privacy was protected, healthcare data was saved correctly, patients were informed in the event of a violation of their protected health information, and business associates of HIPAA-regulated organizations had to obey HIPAA Rules as well.
Changes to HIPAA since its Enactment
The Department of Health and Human Services took over the implementation of, and compliance with, HIPAA after it was signed into law. It also began drafting new “Laws” to be included in the Act.
The first legislation took effect in 2003. This “Privacy Rule” included a definition of PHI as well as guidelines for accessing, using, and reporting an individual’s healthcare data. It also made other improvements, such as making it a requirement that all business partners be HIPAA-compliant.
In April 2005, the Security Rule was introduced. This rule focuses on electronic PHI (ePHI) and defines three forms of protection (administrative, technical, and physical) that must be used to keep it secure.