Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA is the federal law that establishes standards for the privacy and security of health information, as well as standards for electronic data interchange (EDI) of health information.

HIPAA has two main goals, as its name implies:

• making health insurance more portable when persons change employers, and

• making the health care system more accountable for costs -- trying especially to reduce waste and fraud.

HIPAA aims to improve accountability in part through what it calls administrative simplification -- a term that translates, roughly, as "promoting efficiency."

The principal means of promoting efficiency is better use of information technology. Health care is -- or, at least at the time of the legislation, was -- still very "uncomputerized" compared to other parts of the economy, particularly in its use of paper for personal health records.

Broader use of computer systems increased concerns about misuse of patient's health information, hence the inclusion of privacy and security provisions as part of HIPAA along with EDI standards.

HIPAA as implemented has four health information standards, and four associated sets of regulations or "rules":

• standardized formats for all computer-to-computer information exchanges (the "transaction standard");

• standardized "identifiers" for health providers, health plans and (maybe) patients;

• information system security standards; and

• privacy standards.

HIPAA is also known as the Kassebaum-Kennedy Act, or the Kennedy-Kassebaum Act.

See also:

• Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191)
• H.R. 104-3103 (and other legislative sources for PL 104-191)
• HIPAA compliance calendar

  Last modified: 14-May-2005 [RC]