The wisdom of the HIPAA Privacy Rules was to create national standards to protect the
privacy of personal health information. This Rule took effect in April, 2003 and provides
protections to every patient whose information is collected, used or disclosed by covered entities.
The paper will provide information on HIPAA's Privacy Rules and their effect on medical providers
and patients. It will also give recommendations on how to improve the implementation of this
Privacy Rules 2
"HIPAA" is an acronym for the Health Insurance Portability & Accountability Act
of 1996 (August 21), Public Law 104-191, which amended the Internal Revenue Service
Code of 1986. Also known as the Kennedy-Kassebaum Act, the Act includes a section,
Title II, entitled Administrative Simplification, intended to improve the efficiency of healthcare
delivery by standardizing electronic interchange and to improve the protection of the
confidentiality and security of health data by setting and enforcing standards.
More specifically, HIPAA called upon the Department of Health and Human Services
(DHHS) to publish new rules that will ensure standardization of electronic patient health,
administrative and financial data, unique health identifiers for individuals, employers,
health plans and health care providers and security standards protecting the confidentiality
and integrity of "individually identifiable health information," past, present or future. (HIPAA,
Who is covered by HIPAA?
Health Plans This includes individual or group health plans that provide or pay the cost of
medical care, and includes, among other federally funded health plans, the Medicare and
Medicaid programs. Certain other government-funded programs are excluded from
the definition of health plan.
Health Care Providers This includes any provider who transmits any health
information in electronic form in connection with the transactions covered in the rules.
Health Care Clearinghouse This includes entities that process or facilitate the processing of
health information received from other entities in a nonstandard format into a standard format or
transaction. This could include for example a billing service.
INTRODUCTION TO PRIVACY RULE
While 85% of consumers believe privacy of medical information is "absolutely essential" (Maradiegue, 2002), it is estimated that during a patient's typical hospital stay over 400 people are likely to see all or parts of the patient's medical record (Davis, 2001). Sensitive to the lack of patient privacy, Congress enacted HIPAA in 1996, but failed to pass legislation pertaining to medical privacy. HIPAA therefore required the DHHS to create and implement a national set of privacy rules, known as the Administrative Simplification Standards, to: (a) improve the efficiency and effectiveness of the health care system; (b) create national standards to protect patients' personal health information; and (c) provide patients increased access to their medical records (Helwig, 2002).
DHHS first issued the Privacy Rules in December 2000. Due to thousands of suggestions and comments, it subsequently made changes to address obstacles that would have had the effect of blocking patients' access to quality care. For example, the previous rules would have posed barriers to health care by requiring the sick patient to personally visit a pharmacy to sign paperwork before a pharmacist could review the patient's medical information to fill prescriptions (DHHS, 2002). Under the final version of the Privacy Rules, HIPAA allows a pharmacist to use protected health information that is telephoned in by a patient's physician. Furthermore, the DHHS received over 11,000 public comments on the proposed modifications issued in March 2002. Incorporating the public concerns and suggestions, the...