Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 (HIPAA or the Kennedy–Kassebaum Act[1][2]) is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996.[3] It aimed to alter the transfer of healthcare information, stipulated the guidelines by which personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft,[4] and addressed some limitations on healthcare insurance coverage. It generally prohibits healthcare providers and businesses called covered entities from disclosing protected information to anyone other than a patient and the patient's authorized representatives without their consent. The bill does not restrict patients from receiving information about themselves (with limited exceptions).[5] Furthermore, it does not prohibit patients from voluntarily sharing their health information however they choose, nor does it require confidentiality where a patient discloses medical information to family members, friends or other individuals not employees of a covered entity.
Other short titles
Kassebaum–Kennedy Act, Kennedy–Kassebaum Act
An Act To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.
The act consists of 5 titles:
According to the US Department of Health and Human Services Office for Civil Rights, between April 2003 and January 2013, it received 91,000 complaints of HIPAA violations, in which 22,000 led to enforcement actions of varying kinds (from settlements to fines) and 521 led to referrals to the US Department of Justice as criminal actions.[76] Examples of significant breaches of protected information and other HIPAA violations include:
According to Koczkodaj et al., 2018,[79] the total number of individuals affected since October 2009 is 173,398,820.
The differences between civil and criminal penalties are summarized in the following table:
In 1994, President Clinton expressed his goals to improve the healthcare system. However, his reforms did not succeed, most likely due to lack of support.[80] The Congressional Quarterly Almanac of 1996 explains how two senators, Nancy Kassebaum (R-KS) and Ted Kennedy (D-MA) came together and created a bill called the Health Insurance Reform Act of 1995 or more commonly known as the Kassebaum-Kennedy Bill.[81] This bill was stalled despite making it out of the Senate. In the 1996 State of the Union address, Clinton pressed the issue, and it resulted in bipartisan cooperation.[80] After much debate and negotiation, there was a shift in momentum once a compromise between Kennedy and Ways and Means Committee Chairman Bill Archer was accepted, after alterations were made of the original Kassebaum-Kennedy Bill.[82] Soon after this, the bill was signed into law by President Clinton and was named the Health Insurance Portability and Accountability Act of 1996 (HIPAA).