HIPAA, the Health Insurance Portability and Accountability Act, was enacted by the U.S. Congress in 1996, and became effective July 1, 1997. This act is a grouping of regulations that work to combat waste, fraud, and abuse in health care delivery and health insurance. The intention of the HIPAA is also to improve the effectiveness and efficiency of the health care system, portability and continuity of health insurance coverage in the group and individual markets, as well as the ability to provide consequences to those that do not apply with the regulations explicitly stated within the Act.

The Health Insurance Portability and Accountability Act protects health insurance coverage for workers and their families when they change or lose their jobs. HIPAA also promotes the use of medical savings accounts, improving access to long-term care services and coverage as well as simplifying the administration of health insurance. As federal law, it limits pre-existing condition exclusions and permits special enrollment when certain life or work events occur. The HIPAA prohibits discrimination against employees and dependents based on their health status, and guarantees the availability and renewability of health coverage to certain employees and individuals in general terms, allowing also the portability for group coverage from one carrier to another group carrier.

The regulations require guaranteed issue and renewal of insurance coverage, prohibiting plans from charging individuals higher premiums, co-payments, and/or deductibles based on health status. Pre-existing conditions may not be imposed if group coverage was effective for 12 months and not longer than 63 days elapsed between coverage. If such coverage was for less than 12 months, than pre-existing conditions may be imposed for only that portion of the 12 months that were not covered. The Health Insurance Portability and Accountability Act establishes a maximum of 12 months may be imposed for a pre-existing condition, meaning individuals will not be punished for seeking care for chronic and life long illnesses in the past.

The Act’s Administrative Simplification provisions required the establishment of national standards. These standards were set forth for electronic health care transactions, national identifiers for providers, health insurance plans, as well as employers. The Administrative Simplification process also addresses the security and privacy of health data to improve the efficiency and effectiveness of the nation’s health care system, encouraging the widespread use of electronic data interchange in health care. The regulations were expanded in 2002 to provide protection for individual medical records. With the new revisions in place, medical records may not be disclosed without written permission of the patient. It is also required that medical records be kept under lock and key and available only on a need-to-know-basis.

Key privacy provisions establish that patients must be able to access their records and correct errors, in addition to being informed of how their personal information will be used. Patient information can only be shared to treat the patient and cannot be used for marketing purposes without their explicit consent. Patients can ask their health insurers and providers to take reasonable steps to ensure that their communications with the patient are confidential, and file formal privacy-related complaints to the Department of Health and Human Services (HHS) Office for Civil Rights. Health insurers and providers must document their privacy procedures so that patients and staff are aware of the policy that will be followed to give the patients the confidentiality that they expect from medical professionals.

Additional Reading on HIPAA