The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was created primarily to modernize the flow of healthcare information, stipulate how Personally Health Information (PHI) maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on health care insurance coverage.
In addition to the original purpose of HIPAA, the way in which it is implemented is constantly changing to accommodate advances in technology and changes to working practices. For example, the original HIPAA legislation was drafted eight years before Facebook came into existence and eleven years before the first iPhone was released.
Therefore, since the original Privacy Rule, there have been a number of new HIPAA Rules plus frequent guidance has been issued by OCR regarding how Covered Entities and Business Associates should address current issues.
Much of the original language of HIPAA has remained unaltered because, despite the changing technological landscape, it was written to cover a great number of diverse scenarios. Therefore, whether a Covered Entity is a medical center maintaining patient records or an insurance company transferring the health care rights of an individual who is changing jobs, the purpose of HIPAA remains the same as it did in 1996.
HIPAA is also technology-neutral and does not favor one way of addressing a security vulnerability over another, provided the mechanism introduced to correct a flaw or vulnerability is subjected to a risk assessment and the reason for implementing it in place of a specified measure is recorded. It is also important to note that HIPAA does not preempt state law, except in circumstances when a state’s privacy and security regulations are weaker than those in HIPAA.
Want to learn HIPAA Privacy and Security Laws? Click here.
If you have any questions or concerns please contact us via the "help button" in the bottom right hand corner of the screen or email us at email@example.com.
Source: HIPAA Guide