HIPAA Resource Center
 
 

History, Overview, and Implementation of HIPAA


HISTORY:
HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), which was signed into law on August 21, 1996 by President Clinton. The legislation was enacted in response to national concerns about the need for health care insurance reform and in direct response to the failure of the Clinton Health Care proposals of 1994. HIPAA is also referred to as the Kassebaum-Kennedy Act, named after the original sponsors of the bill, Senators Nancy Kassebaum (R-KS) and Edward Kennedy (D-MA).

The primary purpose of HIPAA was to enable employees and their families to transfer health care benefits from one employer to another, or to continue coverage in the case of a layoff. Recognizing that this new law would impose an additional administrative burden on providers, payers, and employers, the crafters of the law noted that the efficiency and cost-effectiveness of the overall health care system could be significantly improved by eliminating the administrative burdens associated with paper-based processes. HIPAA is part of a broad Congressional attempt at incremental healthcare reform, and the requirements outlined by the law and by the regulations promulgated by DHHS have a far-reaching impact. HIPAA is rapidly becoming a major issue in healthcare.

OVERVIEW:
As described in Title I -- HEALTH CARE ACCESS, PORTABILITY, AND RENEWABILITY of the bill, the first objective of HIPAA is to guarantee health insurance coverage to all employees and their families. The major underpinnings of this portion of the legislation are the national standards for availability and portability of both group and individual health insurance coverage. Availability of health insurance is addressed in five major aspects of the policy:

  1. Prohibits denial of new coverage for pregnant women, newborns, or newly adopted children.
  2. Expands availability to small employers (2-50 employees).
  3. Offers coverage to persons who have lost their jobs.
  4. Prohibits exclusion from coverage based upon health status.
  5. Requires insurers to renew coverage for all employees as long as the premium is paid.


Portability is the second major focus of this policy. Portability means that an employee can carry health insurance from one employer to another and continue coverage between employers. This is accomplished by extending COBRA to a broader group of eligible employees, redefining “preexisting health conditions”, and putting limits on waiting periods for preexisting conditions.

The second objective of this bill, found in Title II--PREVENTING HEALTH CARE FRAUD AND ABUSE; ADMINISTRATIVE SIMPLIFICATION; MEDICAL LIABILITY REFORM, is aimed at “accountability” to reduce fraud and abuse in the healthcare system on a national basis. The U.S. General Accounting Office has estimated that 11 cents of every healthcare dollar is spent fraudulently. To help remedy the problem, HIPAA has established the Fraud and Abuse Control System, which provides the Department of Health and Human Services (DHHS) and the Justice Department more flexibility in pursuing organizations suspected of fraudulent activity.

While HIPAA is intended to assure portability and accountability of health care insurance, many aspects of the law deal specifically with data security and privacy and establish precise standards for electronic data interchange formats. Administrative Simplification (Subtitle F under Title II) was established to further reduce health care costs through its third objective, the implementation of Electronic Data Interchange (EDI). The efficiency of information exchange and processing of administrative and financial transactions between health organizations (payers and providers) can be greatly improved through the use of computer-to-computer interfaces using EDI transaction standards. The final rules for Standards for Electronic Transactions and Code Sets have been published and must be implemented by October 16, 2003. The use of EDI combined with stronger security practices (also called for by Administrative Simplification) will improve our health information systems' ability to guard against fraud. The final rules for the Security Standards were published on February 20, 2003.

The fourth objective of HIPAA was the requirement for Congress to enact comprehensive national medical record privacy standards by Aug. 21, 1999. When Congress was unable to enact standards by this deadline, HIPAA required the DHHS to define rules for the protection of patient information. Publication of the Standards for Privacy of Individually Identifiable Health Information in the Federal Register occurred on December 28, 2000. The rule came into effect April 14, 2001. Full implementation of the rules will be April 14, 2003. This new regulation is intended to protect medical records and other personal health information, in all forms, maintained by health care providers, hospitals, health plans and health insurers, and health care clearinghouses.

Most of the HIPAA mandates were supposed to become effective in February 1998 with compliance required by February 2000. However, there have been extensive and repeated delays in rule development. This was due in part to the government's attempts to make this complex, interrelated set of standards into a realistic and feasible plan. Completely understanding the full impact of the law required consultation with various industry groups, public hearings, and briefings.

HIPAA has widespread ramifications for all aspects of health care, but its consequences will not be apparent until it is fully implemented. Industry experts are projecting the cost of compliance to be in excess of $22 billion over the next 5 years. However, compliance with HIPAA can benefit health care providers that approach it as an investment in productivity and future cost savings instead of as a regulatory burden. Health insurance plans are more widely available and an employee no longer needs to fear being disqualified from coverage based on “preexisting conditions”. The security and privacy regulations are also a clear “win” for patients, leading to a secure delivery of private health care information to only those who need the information. The transaction standards will reduce operational expenses and minimize fragmentation. The government costs for administering Medicare and Medicaid will be reduced.

IMPLEMENTATION:
Often compared to Y2K, HIPAA is an enterprise-wide issue. There are legal, regulatory, process, security, and technology aspects to each rule that must be carefully evaluated before an organization can begin its implementation plan. It is difficult to assess the costs and benefits of HIPAA because these are sweeping changes for which we have no historical experience.