HIPAA is over 20 years old; however, many patients and providers still misunderstand it. As a result, they even misspell HIPAA as HIPPA. Google statistics show over 350K monthly searches for “HIPPA,” almost the same number as for “HIPAA.”
A simple Google search for “HIPPA” returns over 3 million results, including articles on lawyers’ and healthcare providers’ websites, representing approximately 10% of total search results for HIPPA and HIPAA combined.
Lack of basic knowledge about HIPAA resulted in over 24,825 corrective actions by OCR on HIPAA cases since 2003. Security breaches plague the healthcare industry. Only in three months of 2016, 25 million patient records were compromised.
So why is it HIPAA and not HIPPA, and what does it stand for?
HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996. Senators Ted Kennedy and Nancy Kassebaum first introduced the legislation which serves as a base of HIPAA. HIPAA’s goal was to amend the Internal Revenue Code of 1986 to improve the portability of health insurance, simplify its administration, and prevent healthcare fraud and abuse.
As a result, HIPAA enhanced health insurance accountability and provided insurance coverage to individuals with pre-existing health conditions. Moreover, it created confidentiality systems to keep protected health information private.
HIPAA enforcement for most covered entities did not start till April 14, 2003, while for smaller health insurance companies until April 2004.
As we mentioned earlier, the primary purpose of HIPAA was to help employees maintain their health insurance. However, another HIPAA’s goal is to improve the effectiveness of the healthcare system through the Administrative Simplification.
On the other hand, the HIPAA Privacy Rule of 2003 and the HIPAA Security Rule of 2003 introduced security requirements. They enforce protection of the privacy of patients by ensuring that the patient data is secured.
HIPAA consists of five “Titles,” each covering a different aspect of the law:
- Title I covers health insurance reform and includes access to group insurance plans for the employees and their families. This Title mandates that a group insurance plan can’t establish the monthly premium amount or deny coverage based on health status. It also stipulates the protection of insurance coverage if employees change or lose their jobs.
- Title II of HIPAA focuses on the prevention of healthcare fraud and consists of five primary rules: Privacy Rule, Transactions and Code Sets Rule, Security Rule, Unique Identifiers Rule, Enforcement Rule. Title II is the most well-known part of HIPAA and covers different aspects of data protection. It outlines the safeguards (administrative, physical, and technical) required for protecting PHI from unauthorized access. The Enforcement Rule further protects patient privacy by introducing financial and criminal penalties for non-compliance.
- Title III establishes tax-related health provisions. This Title outlines savings in a pre-tax medical account. The key highlight of Title III is that it grants access to a medical savings account to self-employed professionals and employees alike.
- Title IV clarifies Continuation of Health Coverage (COBRA) and reenforces provisions of Title I on continuation of coverage in case of job change or loss and coverage for persons with pre-existing health conditions.
- Title V of HIPAA law was introduced in response to broad-based leveraged Company-Owned-Life-Insurance (COLI). It prohibits deductions for any interest on business loans for life insurance. However, it grants a $50,000 loan exception for policies covering the life of crucial personnel. Additionally, Title V makes provisions on the estate, income, and gift taxes on individuals who lose U.S. citizenship.
Why Does HIPAA Matter?
Understanding HIPAA is essential for healthcare organizations and patients alike.
Why is HIPAA important for healthcare organizations?
HIPAA regulations improve data systems and encourage healthcare organizations to adopt more efficient technologies that enhance patient care quality and efficiency. Understanding and preventing security risks by introducing robust policies and procedures, organizations can focus on their operations and profit.
Moreover, by introducing standardized code sets and nationally recognized identifiers, HIPAA improves the efficiency of the entire healthcare system by simplifying the transfer of electronic health information between health plans and healthcare providers.
Apart from reducing risks to the security and integrity of the patient information and other HIPAA compliance benefits, failing to comply with HIPAA can be a severe financial burden causing violation penalties of up to $1.5 million per incident.
Why is HIPAA important for patients?
HIPAA ensures that covered entities implement policies and procedures to safeguard sensitive health information. Without HIPAA, organizations would not have any repercussions for failing to protect data.
Educated patients can help the healthcare industry to secure and manage their health data more efficiently. Patients can better control with whom their information is shared.
They can obtain copies of their files to verify their health information and help healthcare providers keep the records accurate. On the other hand, obtaining copies of health information enables patients to seek treatments from new healthcare providers. Smooth transfer of data allows patients to avoid repeating the tests and provides new healthcare providers with full patient history to make informed decisions.
HIPAA may seem complicated and challenging to comprehend; however, it brought numerous benefits for patients and healthcare organizations.
It reduced paper in healthcare, introduced data standardization, and enforced common practices for filing and reporting across the entire healthcare industry. HIPAA fosters a culture of compliance and encourages every healthcare organization member to protect the privacy and security of patients.
Before the introduction of HIPAA, individual entities practiced uncoordinated and complicated ways of managing medical data. HIPAA eliminated unnecessary arduous procedures, saved healthcare industry money, reduced medical errors, increased patient trust, and improved quality of care.