Health Insurance Portability And Accountability Act

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), also known as the Kassebaum-Kennedy or Kennedy-Kassebaum Act, was passed in 1996 for the stated goal of allowing employees to continue with their employer-based health insurance after a change in jobs ("portability") and to reduced alleged health care fraud and waste ("accountability").^[1]

In fact, HIPAA enacted sweeping changes that enabled federal regulators to establish standards for the electronic data interchange (EDI) of health information, and to create federal jurisdiction and control over medical record privacy issues. Regulators promulgated these rules under the name of "administrative simplification," even though the rules are extraordinarily complex.

Though not widely known, only those who engage in electronic transactions (i.e., electronic billing, authorizations, etc.) are subject to HIPAA and federal jurisdiction under HIPAA.

There are four sets of rules under HIPAA:

• the privacy rule;^[2]

• the transaction standard for computer-to-computer information exchanges;

• standardized "identifiers" for health providers and health plans;^[3] and

• information system security rules

The Centers for Medicare & Medicaid Services (CMS) has prepared guidance to provide HIPAA covered entities with general information on the risks and possible mitigation strategies for remote use of and access to Electronic Protected Health Information (EPHI).^[4]

There is a timetable for implementing the above rules.^[5]

References[edit]