What Does HIPAA Stand For?

HIPAA stands for the Health Insurance Portability and Accountability Act – an Act passed in 1996 that was intended to reform the health insurance industry and that led to the subsequent publication of the HIPAA Administrative Simplification Regulations.

When Bill Clinton was elected President in 1992, it was on the back of a strong election campaign during which the President had pledged to reform the healthcare system. The following year, the Health Security Act was introduced into Congress. The Act proposed a healthcare security card that would entitle every American to medical treatment and preventative services regardless of any preexisting condition or their ability to pay.

The Act failed to get the support it needed due to the mandatory requirement for employers to fund insurance premiums. However, the momentum to reform the healthcare system had started, and a particular concern for Congress at the time was the risk of workers losing insurance coverage when they changed jobs due to new employers operating an incompatible insurance program or due to a preexisting condition.

To address these concerns, Senators Ted Kennedy and Nancy Kassebaum introduced the Health Insurance Reform Act. Among a number of proposals, the Act guaranteed the renewability of health insurance coverage as long as premiums continued to be paid (either by a new employer or by the worker themselves), and allowed disabled workers to continue their health insurance coverage and receive benefits until they became eligible for Medicare.

How the Kennedy-Kassebaum Act Became HIPAA

Although the Kennedy-Kassebaum Act resolved the concerns about workers losing insurance coverage, it raised new concerns about the cost of the proposals to health insurance providers, how premiums for health insurance might increase, and how this would affect federal tax revenues – as health insurance premiums are tax deductible. Due to these new concerns, Congress adopted the reform measures but inserted them into a companion bill.

The companion bill – the Health Coverage Availability and Affordability Act – included measures to counter the cost of reforming the health insurance industry. These measures included steps to reduce fraud and abuse in the healthcare industry and proposals to simplify the administration of healthcare transactions. The companion bill was renamed the Health Insurance Portability and Accountability Act prior to being passed in 1996.

However, the proposals to simplify the administration of healthcare transactions did not become regulations overnight. The first sets of transaction standards were not finalized until August 2000, the Final Privacy Rule was not published until August 2002, and the Security Standards for the Protection of Electronic Protected Health Information (Security Rule) were not effective until August 2003. The Breach Notification Rule was added via the HITECH Act of 2009.

What Does HIPAA Stand For in 2024?

The HIPAA Administrative Simplification Regulations have barely changed since 2013 when the Omnibus Final Rule made business associates liable for violations attributable to their own HIPAA compliance failures. However, there are multiple changes to HIPAA under consideration which could take effect in the near future. These include, but are not limited to:

  • Aligning Part 2 privacy protections for SUD Patients with the HIPAA Privacy Rule (this change was finalized in February 2024).
  • Allowing patients to access their PHI via APIs in line with the 2020 CMS Interoperability and Patient Access Final Rule.
  • Introducing a new “attested” category for uses and disclosures of Protected Health Information relating to reproductive health.
  • Rules to allow settlement sharing which could result in an increase in the number of data breaches that result in HIPAA violation penalties.
  • Changes to the Security Rule to introduce Cybersecurity Performance Goals (which may become a condition of participation in Medicare).

Because of the impact these changes may have on healthcare-related activities, HIPAA covered entities and business associates are advised to review their existing levels of HIPAA compliance, conduct risk assessments, and increase compliance efforts where necessary. Compliance Officers must also be alert to the fact that many of these changes qualify as “material changes” that will necessitate the provision of additional HIPAA training.

About Liam Johnson

Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/