Katana VentraIP

Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act of 1996 (HIPAA or the KennedyKassebaum Act[1][2]) is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996.[3] It aimed to alter the transfer of healthcare information, stipulated the guidelines by which personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft,[4] and addressed some limitations on healthcare insurance coverage. It generally prohibits healthcare providers and businesses called covered entities from disclosing protected information to anyone other than a patient and the patient's authorized representatives without their consent. The bill does not restrict patients from receiving information about themselves (with limited exceptions).[5] Furthermore, it does not prohibit patients from voluntarily sharing their health information however they choose, nor does it require confidentiality where a patient discloses medical information to family members, friends or other individuals not employees of a covered entity.

Other short titles

Kassebaum–Kennedy Act, Kennedy–Kassebaum Act

An Act To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.

HIPAA (pronounced /ˈhɪpə/ HIP-uh)

Pub. L.Tooltip Public Law (United States) 104–191 (text) (PDF)

The act consists of 5 titles:

The largest loss of data that affected 4.9 million people by Tricare Management of Virginia in 2011

[77]

The largest fines of $5.5 million levied against Memorial Healthcare Systems in 2017 for accessing confidential information of 115,143 patients and of $4.3 million levied against Cignet Health of Maryland in 2010 for ignoring patients' requests to obtain copies of their own records and repeated ignoring of federal officials' inquiries

[78]

The first criminal indictment was lodged in 2011 against a Virginia physician who shared information with a patient's employer "under the false pretenses that the patient was a serious and imminent threat to the safety of the public, when in fact he knew that the patient was not such a threat."

According to the US Department of Health and Human Services Office for Civil Rights, between April 2003 and January 2013, it received 91,000 complaints of HIPAA violations, in which 22,000 led to enforcement actions of varying kinds (from settlements to fines) and 521 led to referrals to the US Department of Justice as criminal actions.[76] Examples of significant breaches of protected information and other HIPAA violations include:


According to Koczkodaj et al., 2018,[79] the total number of individuals affected since October 2009 is 173,398,820.


The differences between civil and criminal penalties are summarized in the following table:

Tooltip Public Law (United States) 104–191 (text) (PDF), 110 Stat. 1936

Pub. L.

; H. Rept. 104–469, part 1; H. Rept. 104-736

H.R. 3103

; S. 1698; S. Rept. 104-156

S. 1028

Security Standards, 45 CFR 160, 45 CFR 162, and 45 CFR 164

HHS

HHS Standards for Privacy of Individually Identifiable Health Information, 160 and 45 CFR 164

45 CFR

In 1994, President Clinton expressed his goals to improve the healthcare system. However, his reforms did not succeed, most likely due to lack of support.[80] The Congressional Quarterly Almanac of 1996 explains how two senators, Nancy Kassebaum (R-KS) and Ted Kennedy (D-MA) came together and created a bill called the Health Insurance Reform Act of 1995 or more commonly known as the Kassebaum-Kennedy Bill.[81] This bill was stalled despite making it out of the Senate. In the 1996 State of the Union address, Clinton pressed the issue, and it resulted in bipartisan cooperation.[80] After much debate and negotiation, there was a shift in momentum once a compromise between Kennedy and Ways and Means Committee Chairman Bill Archer was accepted, after alterations were made of the original Kassebaum-Kennedy Bill.[82] Soon after this, the bill was signed into law by President Clinton and was named the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Archived 2012-11-01 at the Wayback Machine (CalOHI)

California Office of HIPAA Implementation

Centers for Medicare and Medicaid Services (CMS)

"HIPAA"

University of North Texas Libraries

Congressional Research Service (CRS) reports regarding HIPAA

U.S. Government Printing Office

Full text of the Health Insurance Portability and Accountability Act (PDF/TXT)

Office for Civil Rights page on HIPAA