HIPAA (Health Insurance Portability and Accountability Act)

free essayHIPAA stands for Health Insurance Portability and Accountability Act that was passed in the United States Congress in 1996. HIPAA was adopted to cater for health needs of American workers and their families. Nearly everybody understands the sensitivity of health and medical information. However, the privacy of health information and its security remains to be very complicated topic that is tough for most patients and healthcare providers to comprehend. Due to this fact, it became necessary for the federal government to come up with a law that will help in the governing of the privacy and security of health information in health institutions. Health Insurance Portability and Accountability Act was formulated for this very purpose.

Functions of HIPAA

To highlight some of the functions of HIPAA, one should mention firstly the fact that it gives millions and millions of American workers and their relatives the capability to transfer and continue with their health insurance if they lose or change their jobs. The second primary function of HIPAA is to help in reducing healthcare related frauds and abuses. Thirdly, it decrees industry-wide standards on how to handle healthcare information about patients on electronic billing and other processes. Finally, it calls for the protection and confidentiality when health specialists are handling secret health information about their patients. Generally, HIPAA is meant for the welfare of all American citizens with medical insurance together with their family members (Hamilton, 2004).

Get a price quote

History of HIPAA

HIPAA is a set of regulations that were signed into law in August 21st, 1996 by the President Bill Clinton for the chief purpose of helping American workers and their families to transfer their health insurance from one company to another in cases of job transfers or job losses. The law also helps in the streamlining of the transfer of patients’ medical records from one healthcare organization to the other. Additionally, HIPAA came up with a system of upholding and enforcing patient rights by ensuring privacy of medical records (Herdman, 2006). HIPAA contains some laws that require being followed to the latter; the violation of any of the legislation in HIPAA may have grave consequences to a healthcare institution. Patients can sue the health organization for the violation of any of their rights as stipulated in HIPAA. Due to this fact, many healthcare facilities have suffered huge financial losses for the violation of HIPAA laws. Healthcare organizations are therefore investing a lot of time and money in training their employees for strict compliance with HIPAA (Herdman & National Cancer Policy Forum (U.S.), 2006).

HIPAA was formulated in the 1990’s, when technological advancement was beginning to take root. Earlier, it was being referred to as the Kassebaum-Kennedy Act or the Kennedy-Kassebaum Act since the two men were the primary sponsors of the Act (Munsey, 2006). Many organizations were embracing computer technologies in their daily routine to work efficiently. The health sector was not to be left behind in the revolution. It became apparent that the medical care industry would significantly increase its efficiency when it came to rendering its services with computerized medical records. Another issue that was among the reasons for the formulation of HIPAA was the approach needed to ensure that people could still keep their health insurance coverage in the event of losing or changing their jobs. Finally, the healthcare industry was in dire needs in terms of new standards that would regulate the management of data within healthcare system in a better way.

Our outstanding writers are mostly educated to MA and PhD level


HIPAA is the law that was formed after considering all the concerns that were discussed above. The Congress signed it, and it was realized as a law in 1996. Despite being approved as a law, many things had still to be done about it. Therefore, the future specification about this law was left to the Congress and SHHS (Secretary of Health and Human Services). Many aspects of the ruling have been finalized since it was formulated; the first aspect of HIPAA was finalized in 1999, and it was termed as the Privacy Rule; the Transaction and Code Set Final Rule followed in 2000 (Herdman & National Cancer Policy Forum (U.S.), 2006). Afterwards, the Security Rule and the Unique Identifier Rule came. Finally, the last part of the law to be completed in detail was the Enforcement Rule that was done in 2006.

HIPAA Regulations

HIPAA contains a series of regulations that control the movement of medical information. It does this through the implementation of electronic recording systems. HIPAA is divided into two parts, Title 1 and Title 2, with the latter further divided into separate rules (Munsey, 2006). Title 1 is sufficiently concerned with healthcare plans and policies. When people lose their jobs or move to another positions, it is always tough for them to move on with their insurance cover. Title 1 of the law allows workers to still continue with their insurance cover even after moving to a different job. This provision is essential to many workers. Title 1 is responsible for the regulation of the period that health insurers can delay coverage due to various conditions as pointed out by Pabrai (2003). The period during which the health insurers can delay or withhold coverage is referred to as the ‘exclusion’ period. Title 1 also allows for ways that policyholders can be able to reduce this period. Another name for Title 1 is Health Care Access, Portability, and Renewability.

Title 2, on the other hand, is mainly concerned with the prevention of fraud and abuse in the US healthcare system. In fact, it is also referred to as Preventing Health Care Fraud and Abuse. It is further divided into five separate rules; namely the Privacy Rule, Transactions and Code Set Rule, Security Rule, National Provider Rule, and, finally, the Enforcement Rule. The Privacy Rule and the Security Rule are the most common rules when it comes to HIPAA. In fact, many people who are not very conversant with HIPAA think that it deals only with the privacy and security of the information about patients and nothing more (Pabrai, 2003).

First order discount 15% OFF

Order now!

HIPAA is famously known for its Privacy Rule. This rule comes up with national standards that are meant to protect medical records and other private health-related data. The rule applies to healthcare clearinghouses, health plans, and to those healthcare providers that conduct various transactions through electronic means. The control ensures that appropriate safeguards are present in order to protect a patient’s personal health information, alongside with setting limits and conditions of the use and exposure of such information without seeking for authorization from the patient. The Privacy Rule also vests the patients with rights over their health information such as the right to demand corrections in case of misinformation and the right to view or obtain copies of their medical records.

Health Insurance Portability and Accountability Act (HIPAA) contains five major components; each has regulations that are issued by the Department of Human and Health Service in the US (Munsey, 2006). Some regulations are final, while others are not. These components include: electronic transactions requiring respective formats for any distinct operations related to healthcare. These are the final regulations in this case. Another element is code set; HIPAA requires standard codes’ use in completing electronic transactions; and these are the final regulations. According to Hamilton (2004), HIPAA also restricts the disclosure and use of health-related information of any individual by healthcare providers. These are also the final regulations. They also require unique identifiers used by individuals, healthcare providers, and employers, which is a final rule as well.

Who Must Follow These Laws?

When it comes to following the HIPAA regulations, not all entities involved in healthcare provision are supposed to follow them, the entities that must obey the laws are referred to as covered entities. They include health plans, healthcare clearinghouses, and the majority of healthcare providers. Health plans entail company health plans and government programs that pay for health care. Most healthcare providers, on the other hand, entail the people who conduct their business electronically like billing health insurance; such people work in hospitals, clinics, or in pharmacy sector. Finally, healthcare clearinghouses are the entities that convert non-standard health data (Munsey, 2006) from other issues into standard information. Additionally, the business associates that transact business with the covered entities are also allowed to follow specific parts of the HIPAA regulations.

In many instances, contractors, sub-contractors, and other persons from external entities and companies that do not work for the covered entities will need to have access to the patients’ health-related information in the course of offering their services to the covered entity. According to Pabrai (2003), these entities that gain access to patient’s health information are referred to as business associates. The following are the examples of business associates: the companies that plan payments to doctors, companies that help oversee health plans, companies that deal with the storage and destruction of medical records, and finally, such people from outside institutions involved with the covered identities as accountants and lawyers (Munsey, 2006). To safeguard patient information as stipulated by HIPAA, when the protected identities are dealing with business associates, they should have binding contracts that would ensure not disclosing the information about patients inappropriately. Business associates must follow the provisions of their contracts to the latter for making them sure that they keep the privacy and the security rule.

Impacts of HIPAA

The major impact consists in building real-time intelligence for the electronic flow of a patient’s data more so regarding the destination, data, and medical care protocols. Besides, HIPAA has granted patients with the legal right to correct their medical data, and, hence, the patients with pre-existing conditions can change careers without getting worried about the fact that they could fail to get cover under an employer’s health plan (Herdman & National Cancer Policy Forum (U.S.), 2006). Generally, HIPAA has made the delivery of healthcare services more efficient with the introduction of electronic ways to keep patient information. The electronic means makes retrieval of information simpler and quicker; this way ensures that wasting time is minimized.


From the discussion, HIPAA has enabled the transfer and continuation of healthcare insurance for many employees and families among Americans whenever they change or lose their jobs. Before the introduction of HIPAA, it was not possible to continue getting medical insurance cover in the case where someone changed his/her job or lost it. HIPAA has impacted this area in colossal ways since American workers do not have to worry now about their insurance cover in case they lose or change their jobs.

Another major way that HIPAA has impacted the healthcare industry is reducing the number of frauds and abuse. Before the law was passed, information about patients’ health was not secured in any way. This made them vulnerable to fraud and ill-treatment as anyone could access their information; this was possible because there was no secure way to store patients’ health-related information. Many medical institutions lacked appropriate ways to keep patient information safe; they depended on such inferior means of storing data as the use of files. Munsey (2006) argues that with the introduction of computerized means of storing a patients’ information, it has become difficult for fraudsters to access data. The levels of frauds and abuse have drastically reduced since HIPAA was formulated into law. HIPAA has also led to the standardization of healthcare information on electronic billing across the entire healthcare industry in the US. This standardization has led to the overall improvement of the level of healthcare provision in the US courtesy of HIPAA.

Our Customer Support Team is at Your Disposal 24/7

Conclusion

In conclusion, the introduction of computers and new technologies has completely changed the way health care is practiced in the United States. The direction of these methods will be influenced significantly by HIPAA in order to ensure that health practitioners and patients are treated in the best way possible. Many people are concerned about their medical privacy, and they would not like private information about their personal health to be shared anyhow; they need to be assured that their information is safe and secure. This is what HIPAA was formulated to accomplish. Health care continues to embrace the use of technology at an unbelievable rate. Modern technologies come with many opportunities and concerns; this is where HIPAA comes in in order to help manage the upcoming issues and concerns while providing patients with confidentiality.