Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The growing use of electronic systems to capture, manage and transmit health information has heightened public concern about the security and confidentiality of that information. HIPAA directed Congress to enact a comprehensive patient confidentiality law by August 1999. HIPAA also specified that, if Congress failed to act by August 1999, the Department of Health and Human Services (HHS) must create and enact privacy and security rules by February 2000.
Congress failed to act, and HHS published draft regulations for security in 1998 and for privacy in 1999.
The security standards apply chiefly to hardware and the control of access to information systems. The security standards, as published in the Federal Register on February 20, 2003, required compliance for most covered entities on April 20, 2005. Small health plans were again given an additional year, and must achieve compliance by April 20, 2006.
In contrast, the privacy standards are concerned with the ways in which identifiable information can be used, the policies that describe how patients gain access to their medical information, and the steps that must be taken to maintain the accuracy of stored information. These rules have caused considerable concern because they require extensive policy reviews, personnel education, and, potentially, enhancements to existing information systems. The privacy standards, as published in the Federal Register on August 14, 2002, required compliance for most covered entities on April 14, 2003. Small health plans were given an additional year to comply, until April 14, 2003.