The Technological Feasibility of HIPAA Requirements

Introduction

The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is a law designed “to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.”1 HIPAA mandates that covered entities must employ technological means to ensure the privacy of sensitive information. This white paper intends to study the requirements put forth by HIPAA by examining what is technically necessary for them to be implemented, the technological feasibility of this, and what commercial, off-the-shelf systems are currently available to implement these requirements.

HIPAA Overview

On July 21, 1996, Bill Clinton signed HIPAA into law. It was passed partly because of the failure of Congress to pass comprehensive health insurance legislation earlier in the decade. The general goals of HIPAA are to:

* Increase the number of employees who have health insurance;

* Reduce health care fraud and abuse;

* Introduce/implement administrative simplifications in order to augment effectiveness of health care in the US;

* Protect the health information of individuals against access without consent or authorization;

* Give patients more rights over their private data;

* Set better boundaries for the use of medical information;

* Hold people accountable for misuse;

* Encourage administrative simplification (in the form of digitalization of information) to help reduce costs.

HIPAA affects covered entities which are defined as:

– Health plans;

– Health care clearinghouses;

– Health care providers who transmit health information in electronic form for certain standard transactions.

Even though HIPAA was signed into law over seven years ago, its effects are mostly being felt now. This is because of its schedule of compliance:

* 10/16/2002 – Transactions and code sets

* 4/14/2003 – Privacy Rule

* 4/14/2003 – Business Associates

* 4/20/2005 – Security Rule

This delay stems from a provision in the original act stating that if Congress did not specify certain regulations by the end of 1999, the Department of Health and Human Services (HHS) had to do it. Congress did not meet its deadline, so HHS had to write up the regulations and give companies a chance to implement them.
