Why Was HIPAA Created?


HIPAA was created as a result of the Clinton administration’s ambitious, but unsuccessful, attempt to pass a Health Security Act. HIPAA addressed the area of the Health Security Act related to health insurance reforms, which enabled the bill’s supporters to include measures that protect the privacy and security of individually identifiable health information.

One of the reasons Bill Clinton won the 1992 Presidential election was his promise to reform the “bureaucratic and wasteful” health care system. As soon as he took office, Clinton established a task force to develop a comprehensive plan to provide universal health care for all Americans; and, within a year, the task force delivered an ambitious 1,342-page Health Security Act to Congress.

Despite its objectives, the Act was not received well. Some commentators raised concerns about the federal government controlling such a large part of the economy, while supporters of the Clinton Plan had to admit that a large percentage of Americans would be paying more for health insurance premiums. Some supporters even questioned whether the health care system needed reforming.

After a year of trying to find compromises, the Health Security Act was declared dead in September 1994. The Republican Party took control of the House and Senate following the mid-term elections in November 1994 – ending any prospect of the Clinton Plan being resurrected. However, elements of the Plan resurfaced soon after, including one that led to the creation of HIPAA.

Why HIPAA was Created

Although doubts existed that the health care system needed reforming, there was a consensus of opinion that the health insurance industry needed reforming. Following the demise of the Health Security Act, Senators Nancy Kassebaum and Edward Kennedy introduced the Health Insurance Reform Act of 1995 into Congress (S.1028), with a lot of content lifted from the Clinton Plan.

The Health Insurance Reform Act had the primary objectives of preventing any temporary loss of coverage when employees changed jobs, allowing individuals leaving employee coverage to maintain coverage as an individual, and limiting health insurance exclusions for employees with preexisting conditions. However, the Act failed to address the risk of increased health insurance premiums.

To prevent health insurance carriers increasing premiums to compensate for the cost of complying with the Act, the proposals in the Kassebaum-Kennedy Act were integrated into a companion bill – the Health Coverage Availability and Affordability Act (HR.3103). This Act included provisions to reduce fraud and the abuse of health insurance, and make the administration of healthcare transactions more efficient.

How HIPAA was Created

HIPAA was created when the Health Insurance Reform Act was combined with the Health Coverage Availability and Affordability Act, and the name changed to the Health Insurance Portability and Accountability Act. The Kassebaum-Kennedy proposals became Title 1 of HIPAA, while the proposals to reduce fraud and abuse and simplify healthcare transactions became Title II of HIPAA.

As HIPAA passed through Congress, several compromises still had to be made to get the Act passed. These included the removal of proposals relating to insurance coverage for mental illness and most of the proposals intended to reform liability in medical malpractice cases. Additionally, provisions allowing for medical savings accounts were added by the House after the bill had passed the Senate.

Eventually the content of HIPAA was agreed on, and HIPAA was signed into law by President Clinton on August 21, 1996. As instructed by the text of HIPAA, the Secretary of Health and Human Services developed standards for healthcare transactions (HIPAA Part 162), adopted standards for the security of health information (the Security Rule), and made recommendations with respect to the privacy of health information (later published as the Privacy Rule).

Key Dates in the History of HIPAA

  • November 20, 1993 – Health Security Act (S.1757) introduced
  • July 13, 1995 – Health Insurance Reform Act (S.1028) introduced
  • March 18, 1996 – Health Coverage Availability and Affordability Act (HR.3103) introduced
  • April 23, 1996 – S.1028 and HR.3103 combined to create HIPAA
  • August 21, 1996 – HIPAA signed into law by President Clinton
  • December 28, 2000 – HIPAA Standards for Healthcare Transactions published
  • August 14, 2002 – Amended HIPAA Privacy Rule published
  • February 2, 2003 – HIPAA Security Rule published
  • February 16, 2006 – HIPAA Enforcement Rule published
  • August 24, 2009 – Interim Breach Notification Rule published
  • January 25, 2013 – HIPAA Omnibus Final Rule published

In addition to the above, there have been multiple, smaller modifications to HIPAA. These modifications, amendments to other laws that impact HIPAA compliance, and future proposals are discussed in this HIPAA changes article.