Health Insurance Portability and Accountability Act: Administrative Simplification to Understand the Revised Proposed Privacy Standards—A Policy Update

Abstract

Changes in health care delivery, technology, and reimbursement have expanded significantly over the past 100 years, creating a complex health care system network of services provided by multiple teams of providers and payers. The changes in health care delivery, along with increased costs, have resulted in a system that is increasingly inadequate and incapable of dealing with emerging financial, administrative, and patient care data. Our present health care system has become burdensome, cumbersome, inept, and inefficient and is unable to handle the considerable paperwork created by a complex health care system. In addition, issues created by information technology have raised serious ethical questions and concerns over who would have access to an electronic record and who “owns” the electronic record, as well as concerns regarding the privacy and confidentiality of electronic medical records. As a result, with the increasing numbers of health care networks and resource consumers, financial constraints, complexity of patient care, and inadequate management tools, coupled with technological advances, there is a need for a new and changing health care paradigm to manage the electronic records. The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 as part of the federal government’s concern about spiraling health costs, inadequate health care management systems, and patients’ privacy. These sweeping changes in health legislation were designed to improve the efficiency and effectiveness of our health care system. As part of HIPAA, Congress recognized the concern for ethical issues and need for patient privacy standards and set a 3-year deadline to enact such protections as part of HIPAA. The law required the Department of Health and Human Services (DHHS) to adopt these protections via regulation if Congress did not address the issue in a timely manner. The purpose of this article is to globally review the provisions of HIPAA and to discuss in detail the modifications and revisions to the privacy rule better known as the Standards for Privacy of Individually Identifiable Health Information. The privacy rule covers health plans, health care clearinghouses, and those health care providers who conduct financial and administration transactions electronically. This article will alert providers regarding the “relaxed” and more flexible interpretation of the unintended rigid and structured guidelines created under the Clinton administration.