Health Insurance Portability and Accountability Act

In order to protect the American people from waste, fraud, and abuse in healthcare delivery and health insurance, the United States Congress enacted in 1996 the Health Insurance Portability and Accountability Act (HIPAA). This law took effect on July 1, 1997.

HIPAA intends to improve the effectiveness and efficiency of the healthcare system, portability and continuity of the health insurance for the group and individual market. It was also enacted to provide consequences to those that do not comply with the regulations that are stated in this act.

HIPAA protects workers and their families with health insurance coverage when they transfer jobs or lose their jobs. The law also promotes the use of medical savings account, tries to improve the access to long-term care service and coverage, and simplifies health insurance administration.

Since HIPAA is a federal law, pre-existing condition exclusions are part of its limits but it permits special enrollment if certain life or work events happen. Discrimination against employees and dependents is also prohibited by this law. It also guarantees that health coverage to certain workers and individuals will be available and renewed and allow the portability for group coverage if they transfer from one carrier or insurance company to another.

According to HIPAA, if the group coverage is effective for 12 months and is not longer than 63 days from the time the last coverage has ended, pre-existing conditions may not be imposed. In the case that the coverage is less than 12 months, then pre-existing conditions may be imposed for only the part of the 12 months that is not included in the coverage.   Based on HIPAA, 12 months is the maximum period where pre-existing conditions may be imposed. This means that individuals will be punished if they seek care for chronic and lifelong disease in the past. HIPAA also prohibits plans from charging individuals with higher premiums, co-payments, and/or deductibles based on their health status. The law also requires a guaranteed and renewal insurance coverage.

HIPAA’s Administrative Simplification section requires establishments to follow and meet national standards. These standards were created for electronic healthcare transactions, national identifier for providers (provider ID number), health insurance plans, and employers. The Administrative Simplification process also encourages the use of electronic date interchange, which was expanded in 2002 in order to provide protection for individual’s medical records. With this new provision, a written permission from the patient is required before any medical records can be disclosed. Also, medical records should be kept under lock and key and will only be available only on a need-to-know basis.

HIPPA also establishes key privacy provisions for patients, wherein they must be able to access their records and correct any errors and that they should be informed of how their personal information will be used. Patient records are solely used for treating the patient and cannot be used for marketing purposes without the patient’s consent. Patients can ask their health insurers and providers to take the necessary steps to ensure that their information are kept confidential. They can also file formal complaints in relation to privacy to the Department of Health and Human Services (HHS) Office for Civil Rights. According to this act, health insurers and providers must document all privacy procedures so that patients and staff members will be aware of the policies to be used and followed in order to give the patients the confidentiality that they expect from health professionals.