What is the purpose of HIPAA?

Most people who have heard of HIPAA will be familiar with it in its data privacy capacity: it is the main legislation in the United States for protecting patient privacy. However, that is just one aspect of HIPAA: it covers everything from moving health insurance plans between employers to tax provisions for medical accounts. HIPAA has been broken down into five “Titles”, each dealing with a different aspect of the legislation.

Title I: Heath Care Access, Portability and Renewability

This part of HIPAA concerns group health plans and some individual health policies.

It places restrictions on how previous conditions are handled and reduces the amount of time new members have had to have “credible coverage” before joining the plan. Essentially, Title I is concerned with insurance reform for employer-provided healthcare plans.

Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform

This is the most well-known part of HIPAA, as it concerns patient privacy and data protection. This part of HIPAA also contains the Privacy, Security, Enforcement, Breach Notification and Omnibus Rules. Each of these have been added to HIPAA since it was signed into law in 1996 and concerns a different part of data protection.

This part of HIPAA defines protected health information (PHI) and details the rules for its disclosure. It also lays out the minimum safeguards (administrative, physical and technical) that must be enacted to protect the PHI from unauthorized access.

However, for HIPAA to have a meaningful effect, there must be punishments for non-compliance. The Enforcement Rule introduced the penalties for non-compliance with the rules, which can be financial or criminal. These penalties act as a deterrent, further protecting patient privacy.

Title III: Tax-related health provisions governing medical savings accounts

Title III relates to how much money can be saved per person in a pre-tax medical savings account (MSA).

Title IV: Application and enforcement of group health insurance requirements

This details how group health insurance plans deal with members that have pre-existing conditions. It also details the requirements for continuation of coverage.

Title V: Revenue offset governing tax deductions for employees

This concerns company-owned life insurance. It also concerns how to deal with patients that have lost their US citizenship.

What is the most important part of HIPAA?

Each part of HIPAA concerns different, though related, areas. However, the most relevant part of HIPAA for most people will be Title II, which is what most people refer to when they talk about HIPAA or what the purpose of the legislation is. From this Title, we can see that the purpose of HIPAA is to protect patients from data breaches, maintaining their privacy and preventing them from becoming the victims of fraud. This is what is most commonly meant when people talk about HIPAA compliance and violations of the rules under this Title result in prosecution by the OCR.

However, it can be seen from the other titles that HIPAA has another important purpose: ensuring long-term access to health insurance, improving the availability of healthcare plans and streamlining the administrative processes that go alongside it.