What is the purpose of HIPAA?

Most people who have heard of HIPAA will be familiar with it in its data privacy capacity: it is the main legislation in the United States for protecting patient privacy. However, that is just one aspect of HIPAA: it covers everything from moving health insurance plans between employers to tax provisions for medical accounts. HIPAA has been broken down into five “Titles”, each dealing with a different aspect of the legislation.

Title I: Heath Care Access, Portability and Renewability

This part of HIPAA concerns group health plans and some individual health policies.

It places restrictions on how previous conditions are handled and reduces the amount of time new members have had to have “credible coverage” before joining the plan. Essentially, Title I is concerned with insurance reform for employer-provided healthcare plans.

Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform

This is the most well-known part of HIPAA, as it concerns patient privacy and data protection. This part of HIPAA also contains the Privacy, Security, Enforcement, Breach Notification and Omnibus Rules. Each of these have been added to HIPAA since it was signed into law in 1996 and concerns a different part of data protection.

This part of HIPAA defines protected health information (PHI) and details the rules for its disclosure. It also lays out the minimum safeguards (administrative, physical and technical) that must be enacted to protect the PHI from unauthorized access.

However, for HIPAA to have a meaningful effect, there must be punishments for non-compliance. The Enforcement Rule introduced the penalties for non-compliance with the rules, which can be financial or criminal. These penalties act as a deterrent, further protecting patient privacy.

Title III: Tax-related health provisions governing medical savings accounts

Title III relates to how much money can be saved per person in a pre-tax medical savings account (MSA).

Title IV: Application and enforcement of group health insurance requirements

This details how group health insurance plans deal with members that have pre-existing conditions. It also details the requirements for continuation of coverage.

Title V: Revenue offset governing tax deductions for employees

This concerns company-owned life insurance. It also concerns how to deal with patients that have lost their US citizenship.

What is the most important part of HIPAA?

Each part of HIPAA concerns different, though related, areas. However, the most relevant part of HIPAA for most people will be Title II, which is what most people refer to when they talk about HIPAA or what the purpose of the legislation is. From this Title, we can see that the purpose of HIPAA is to protect patients from data breaches, maintaining their privacy and preventing them from becoming the victims of fraud. This is what is most commonly meant when people talk about HIPAA compliance and violations of the rules under this Title result in prosecution by the OCR.

However, it can be seen from the other titles that HIPAA has another important purpose: ensuring long-term access to health insurance, improving the availability of healthcare plans and streamlining the administrative processes that go alongside it.

Purpose of HIPAA: FAQ

How does HIPAA protect patients?

There are a number of ways in which HIPAA benefits patients. By reforming the health insurance industry, it ensures that patients have better protections and continuity in health insurance. By ensuring that any personal information is protected by minimum safeguards, the data privacy components of HIPAA also protect patients from identity theft and fraud. Both of these can have devastating consequences for individuals, highlighting the importance of HIPAA.

Why was HIPAA enacted?

Despite its current association with patient privacy, one of the main drivers of enacting HIPAA was health insurance reform. Before HIPAA, it was difficult for patients to transfer benefits between health plans if they changed employers, and insurance could be difficult to obtain for those with pre-existing conditions.

Who enforces HIPAA?

The privacy-related aspects of HIPAA (in Title II) are enforced by the Department for Health and Human Services’ Office for Civil Rights (OCR). HIPAA violations that result in the unauthorized access of PHI are reportable to the OCR. The OCR will then investigation, and if they decide that a violation of HIPAA has occurred, they will issue a corrective action plan, a financial penalty, or refer the case to the Department of Justice if they believe there was criminal activity involved.

How does HIPAA help Covered Entities?

Though HIPAA is primarily focused on patients, there are some benefits to HIPAA Covered Entities (health plans, healthcare providers, and healthcare clearinghouses). HIPAA has improved efficiency by standardizing aspects of healthcare administration.