What are Some Important Facts About the History of HIPAA?


Bill Clinton signed the Health Insurance Portability and Accountability Act or HIPAA on August 21, 1996. The HIPAA ensured the continuity of health insurance coverage for everyone, especially the employees that were between jobs. It also accomplished the following:

  • set standards as to the amount of pre-tax medical savings that could be saved
  • prohibited tax-deduction of interest on life insurance loans
  • enforced the requirement of group health plans
  • set standard codes and practices to simplify healthcare administration
  • introduced safety measures to avoid healthcare fraud

The HIPAA Enforcement Rule was signed on February 16, 2006, ten years after the HIPAA was signed. This allowed the Department of Health and Human Services’ Office for Civil Rights to enforce HIPAA Rules and impose financial penalties to violators.

Important HIPAA-related concepts and updates that you need to know are the following:

HIPAA Privacy Rule was signed on December 28, 2000 and rule compliance began on April 14, 2003. This rule provides details of the allowable uses and disclosures of PHI (protected health information) without needing the patient’s consent. It also instructs HIPAA-covered entities to provide patients with copies of their health data upon request.

HIPAA Security Rule was signed on April 21, 2003 but enforcement began on April 21, 2005.  This Rule primarily protects electronic PHI creation, use, storage and transmission through physical, administrative and technical safety precautions.

HIPAA Breach Notification Rule is part of the Health Information Technology for Economic and Clinical Health (HITECH) Act signed on February 17, 2009. This Rule took effect starting on August 24, 2009. This Rule requires HIPAA-covered entities to notify the Secretary of the Department of Health and Human Services about any breach of protected health information within 60 days of its discovery. Affected patients are also sent notifications letters within 60 days of the breach discovery.

HIPAA Omnibus Rule was signed on January 17, 2013 which introduced important changes to the HIPAA Privacy Rule, Security Rule and Breach Notification Rule. One important change is the requirement of HIPAA-covered entities business associates and subcontractors to implement ePHI protection as required by HIPAA Security Rule. Non-compliance will result in fines. Another important change is the allowing of covered entities not to report a breach provided they can prove it has no significant harm.