GUIDANCE (Oct. 23, 2006)
Updated: February 2010
HIPAA was enacted as a broad Congressional attempt at healthcare reform - it was initially introduced in Congress as the Kennedy-Kassebaum Bill. The landmark Act was passed in 1996 with two objectives.
- One was to ensure that individuals would be able to maintain their health insurance between jobs. This is the Health Insurance Portability part of the Act. It is relatively straightforward, and has been successfully implemented.
- The second part of the Act is the "Accountability" portion. This section is designed to ensure the security and confidentiality of patient information/data. In addition, it mandates uniform standards for electronic data transmission of administrative and financial data relating to patient health information.
specific information and guidance on policies and procedures for complying with HIPAA, please see our Faculty & Staff - Guidance section.
The HIPAA legislation required the Department of Health and Human Services (DHHS) to broadcast regulations on the specific areas of HIPAA, called the Rules. These Rules were finalized at various times and health care organizations had 2 or 3 years (depending on size) to comply with the specific requirements.
The Rules are composed of Standards. The HIPAA Standards resulted from many years of public and private sector collaboration. Industry workgroups were formed and reports written with recommendations on how to better manage and protect health information. The goal of this initiative was to define uniform standards for transferring health information among healthcare providers, health plans, and clearinghouses (covered entities) while securing health information and ensuring patient privacy and confidentiality.