The HIPAA Basics

With so much discussion concerning the future of American healthcare, it is no surprise that people are taking a closer look at their own health insurance and how healthcare works in the United States. If you have tried exploring this vast – and complicated – industry, you have probably run across the term “HIPAA.” While HIPAA is a key part of healthcare, few understand what it really means. Here is a short lesson on the law.

What Is It?

HIPAA stands for Health Insurance and Portability Act. The original HIPAA was passed by the U.S. Congress in 1996, although laws have made minor changes to how the Act works since. HIPAA created a national standard for medical information and insurance.

What Does It Do?

HIPAA is essentially a series of privacy and protection laws for your medical information. While each state had laws that affected how healthcare information is shared, HIPAA made regulations that all medical organizations in all states had to follow, no matter what. HIPAA did not actually create health insurance or any new medical entity, but it laid the foundation for a national perspective on healthcare. The Act made it much easier for future federal policies to also affect all states. While HIPAA is a large act, its key points come down to:

  • Medical Record Access: Before HIPAA, federal laws did not guarantee you could look at your own medical records. After HIPAA, you could see, copy, and request amendments to your medical records whenever you wanted.
  • Disclosure: HIPAA requires all organizations dealing with medical information to give you notice on how your medical information is used before you give it, and what you can do if you think your information is misused.
  • Records: HIPAA ensures you can see who has looked at your health information in the past six years.
  • Consumer Rights: HIPAA allows you to file complaints, make special requests for confidential communications, and choose if your name is included in hospital directories. If organizations do not follow these rules, HIPAA has a whole section on penalties and lawsuits they will face.
  • Training: Medical organizations must train their employees to follow HIPAA guidelines and properly take care of sensitive medical information. Only appropriate employees can access medical information, and the information needs to be held safely in computer systems.

These points may appear simple, and it is true that HIPAA covers rules people frequently take for granted. But before HIPAA there was no overarching federal rule that set up privacy regulation, so every state approached medical privacy a little differently. You can imagine how difficult the current national debates on health policy would have been prior to HIPAA, when each state had different views on medical records.

Title I vs. Title II

Another important HIPAA point concerns the two divisions of the law, Title I and Title II. The privacy protection part of HIPAA is actually Title II, whereas Title I covers health insurance rules for employees. Title I is a smaller, less complex section of the Act, so it does not receive as much attention as the vast body of privacy and security rules in Title II. However, Title I affects nearly all employees in the United States and is still a key part of the regulation.

Title I offers health insurance protection for workers who move from plan to plan (the “Portability” part of HIPAA). In other words, if you are covered for a specific disease or condition in one health plan and you want to switch jobs, you must still be covered in your new health plan, even if it costs your new employer more money. This makes it easier for people with long-term conditions (like diabetes, for example) to compete in the employment market.

Title I stands to undergo the most change as the United States moves toward required health insurance, which could supersede some of the health insurance protection of the Act. The rest of HIPAA should remain relatively the same.

For More Detailed Information on HIPAA:

U.S. Department of Health & Human Services: Summary of the HIPAA Privacy Rule

Privacy Rights: HIPAA Basics: Medical Privacy in the Electronic Age

University of Wisconsin: HIPAA Basics Overview

United States Department of Labor: FAQs About Portability of Health Coverage and HIPAA

Centers for Medicare and Medicaid Services: HIPAA – General Information

Stanford University: HIPAA: Health Information Privacy and Security